Bugzilla – Bug 1165776
VUL-0: CVE-2019-20382: qemu: memory leak upon VNC disconnect if ZRLE or Tight encoding is enabled
Last modified: 2023-07-25 17:33:41 UTC
CVE-2019-20382

A memory leakage flaw was found in the way VNC display driver of QEMU handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not free'd upon disconnection resulting in the said memory leakage issue.

A user able to connect to the VNC server could use this flaw to leak host memory leading to a potential DoS scenario.

References:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
https://bugzilla.redhat.com/show_bug.cgi?id=1810390
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20382
QA REPRODUCER:

    # qemu-system-x86_64 -vnc :0
    # vncviewer -AutoSelect=0 -PreferredEncoding=Tight [::1]:0

--> If affected, qemu leaks approximately 500 KB of memory per connection.

To amplify the test, run vncviewer repeatedly and watch the qemu process' resident memory consumption grow:

    # for((i=0;i<100;i++)); do timeout 0.2 vncviewer -AutoSelect=0 -PreferredEncoding=Tight [::1]:0; done
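To turn "watch the resident memory grow" into a pass/fail check when verifying a patched package, the following helper (an added example, not part of the original bug report or of QEMU) reads VmRSS from /proc/<pid>/status and averages the growth per connection. The function names and the 250 kB threshold are assumptions made for illustration; the threshold is half of the roughly 500 KB per connection quoted above.

```shell
#!/bin/sh
# Added example: quantify RSS growth of a qemu process across N VNC connections.

# Constructed sample of /proc/<pid>/status content (not real output).
sample_status() {
    printf 'Name:\tqemu-system-x86\nVmPeak:\t 2101234 kB\nVmRSS:\t  181200 kB\nThreads:\t4\n'
}

# Print the VmRSS value in kB from a status-format file; fail if it is absent.
rss_kb() {
    awk '$1 == "VmRSS:" { print $2; found = 1 } END { exit !found }' "$1"
}

# Average RSS growth per connection in kB (integer; shrinkage counts as 0).
# Arguments: rss_before_kb rss_after_kb connection_count
leak_per_conn_kb() {
    conns=$3
    if [ "$conns" -le 0 ]; then
        return 2
    fi
    delta=$(( $2 - $1 ))
    if [ "$delta" -lt 0 ]; then
        delta=0
    fi
    echo $(( delta / conns ))
}

# Verdict against a threshold in kB per connection (4th argument,
# default 250; an assumed value, see the lead-in).
verdict() {
    per=$(leak_per_conn_kb "$1" "$2" "$3") || return 2
    if [ "$per" -ge "${4:-250}" ]; then
        echo "LEAKING ${per}kB/conn"
    else
        echo "OK ${per}kB/conn"
    fi
}
```

Sample `rss_kb /proc/<qemu pid>/status` once before and once after the 100-connection loop from the reproducer, then pass both values and the connection count to `verdict`.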
SUSE-SU-2020:0844-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1161066,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): qemu-3.1.1.1-9.14.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): qemu-3.1.1.1-9.14.1, qemu-linux-user-3.1.1.1-9.14.1, qemu-testsuite-3.1.1.1-9.14.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): qemu-3.1.1.1-9.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0845-1: An update that solves 6 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1156642,1156794,1158880,1161066,1162161,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): qemu-3.1.1.1-3.9.1
openSUSE-SU-2020:0468-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1161066,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
openSUSE Leap 15.1 (src): qemu-3.1.1.1-lp151.7.12.1, qemu-linux-user-3.1.1.1-lp151.7.12.1
All affected qemu packages are fixed and submitted for maintenance update. Reassigning to security team.
SUSE-SU-2020:1501-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1161066,1163018,1165776,1166240,1170940
CVE References: CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src): qemu-2.11.2-5.26.1
SUSE-SU-2020:1523-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1161066,1163018,1165776,1166240,1170940
CVE References: CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): qemu-2.11.2-9.36.1
SUSE Linux Enterprise Server 15-LTSS (src): qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): qemu-2.11.2-9.36.1
Done