Bug 1166240 (CVE-2020-1711) - VUL-0: CVE-2020-1711: kvm,qemu: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
Status: RESOLVED FIXED
Alias: CVE-2020-1711
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/251596/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-1711:8.6:(AV:N...
Reported: 2020-03-10 12:57 UTC by Marcus Meissner
Modified: 2021-05-27 12:48 UTC
Found By: Security Response Team
Description Marcus Meissner 2020-03-10 12:57:02 UTC
An out-of-bounds heap buffer access issue was found in the way the iSCSI Block driver
in QEMU handled a response coming from an iSCSI server, while checking
the status of a Logical Address Block (LBA) in the iscsi_co_block_status() routine.

A remote user could use this flaw to crash the QEMU process resulting in DoS OR
potentially execute arbitrary code with privileges of the QEMU process on the
host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/01/23/3

http://seclists.org/oss-sec/2020/q1/31
Comment 3 Swamp Workflow Management 2020-04-01 19:16:49 UTC
SUSE-SU-2020:0844-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1161066,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    qemu-3.1.1.1-9.14.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    qemu-3.1.1.1-9.14.1, qemu-linux-user-3.1.1.1-9.14.1, qemu-testsuite-3.1.1.1-9.14.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    qemu-3.1.1.1-9.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2020-04-01 19:24:19 UTC
SUSE-SU-2020:0845-1: An update that solves 6 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1156642,1156794,1158880,1161066,1162161,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-3.9.1

Comment 5 Swamp Workflow Management 2020-04-07 04:14:28 UTC
openSUSE-SU-2020:0468-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1161066,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
openSUSE Leap 15.1 (src):    qemu-3.1.1.1-lp151.7.12.1, qemu-linux-user-3.1.1.1-lp151.7.12.1
Comment 6 Swamp Workflow Management 2020-04-17 21:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1166240) was mentioned in
https://build.opensuse.org/request/show/795126 Factory / qemu
Comment 7 Bruce Rogers 2020-05-13 02:24:22 UTC
It doesn't seem that qemu versions earlier than v2.1 don't suffer from this vulnerability so SLE12 and earlier releases are not affected.
Comment 8 Bruce Rogers 2020-05-13 03:38:50 UTC
(In reply to Bruce Rogers from comment #7)
> It doesn't seem that qemu versions earlier than v2.1 don't suffer from this
> vulnerability so SLE12 and earlier releases are not affected.

Sorry for poor English. This is what happens when working from home and being distracted while working. Nix the second negative.
Comment 10 Bruce Rogers 2020-05-14 22:17:53 UTC
All affected qemu packages are fixed and checked in for maintenance update. Reassigning to security team.
Comment 11 Swamp Workflow Management 2020-05-28 19:13:32 UTC
SUSE-SU-2020:1501-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1161066,1163018,1165776,1166240,1170940
CVE References: CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    qemu-2.11.2-5.26.1

Comment 12 Swamp Workflow Management 2020-06-02 13:15:57 UTC
SUSE-SU-2020:1514-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1146873,1149811,1161066,1163018,1166240,1170940
CVE References: CVE-2019-12068,CVE-2019-15890,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    qemu-2.3.1-33.29.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    qemu-2.3.1-33.29.1

Comment 13 Swamp Workflow Management 2020-06-03 10:15:41 UTC
SUSE-SU-2020:1523-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1161066,1163018,1165776,1166240,1170940
CVE References: CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-9.36.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-9.36.1

Comment 14 Swamp Workflow Management 2020-06-03 13:19:00 UTC
SUSE-SU-2020:1526-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1146873,1149811,1161066,1163018,1166240,1170940
CVE References: CVE-2019-12068,CVE-2019-15890,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE OpenStack Cloud 7 (src):    qemu-2.6.2-41.59.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    qemu-2.6.2-41.59.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    qemu-2.6.2-41.59.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.59.1

Comment 15 Swamp Workflow Management 2020-06-04 16:17:46 UTC
SUSE-SU-2020:1538-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1123156,1146873,1149811,1160024,1161066,1163018,1166240,1170940
CVE References: CVE-2019-12068,CVE-2019-15890,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    qemu-2.9.1-6.44.1
SUSE OpenStack Cloud 8 (src):    qemu-2.9.1-6.44.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    qemu-2.9.1-6.44.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    qemu-2.9.1-6.44.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    qemu-2.9.1-6.44.1
SUSE Enterprise Storage 5 (src):    qemu-2.9.1-6.44.1
HPE Helion Openstack 8 (src):    qemu-2.9.1-6.44.1

Comment 16 Alexandros Toptsoglou 2020-07-24 12:37:12 UTC
Done