Bugzilla – Bug 1172382
VUL-1: CVE-2020-13754: kvm,qemu: msix: OOB access during mmio operations may lead to DoS
Last modified: 2024-07-30 08:57:35 UTC
CVE-2020-13754

An OOB access issue was found in the Message Signalled Interrupt (MSI-X) device support of QEMU. It could occur while performing MSI-X mmio operations when a guest sent address goes beyond the mmio region. A guest user/process may use this flaw to crash the QEMU process resulting in DoS scenario.

References:
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
https://www.openwall.com/lists/oss-security/2020/06/01/6
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13754
http://seclists.org/oss-sec/2020/q2/157
https://bugzilla.redhat.com/show_bug.cgi?id=1842363
https://access.redhat.com/security/cve/CVE-2020-13754
Created attachment 838427: CVE-2020-13754-qemu.patch
Upstream patch. Source: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
Created attachment 838430: CVE-2020-13754-qemu.patch
Looks like tweaks to the fix are still forthcoming. Will watch for developments.
This was resolved upstream in commit 5d971f9e672507210e77d020d89e0e89165c8fc9, which simply reverts an earlier commit.
It turns out that there are other qemu fixes needed to add this patch, and I've not yet got that researched. We may not get this in the next maintenance update, since I want to make sure we have all needed fixes included as well to not cause more trouble than we're solving.
SUSE-SU-2021:1829-1: An update that solves 11 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1031692,1094725,1126455,1149813,1163019,1172380,1172382,1175534,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2019-8934,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): qemu-2.6.2-41.65.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1894-1: An update that solves 11 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1094725,1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): qemu-2.9.1-6.50.1
SUSE OpenStack Cloud 8 (src): qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): qemu-2.9.1-6.50.1
HPE Helion Openstack 8 (src): qemu-2.9.1-6.50.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1895-1: An update that fixes 11 vulnerabilities is now available.
Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): qemu-2.11.2-9.46.1
SUSE Linux Enterprise Server 15-LTSS (src): qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): qemu-2.11.2-9.46.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1947-1: An update that fixes 11 vulnerabilities is now available.
Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): qemu-2.11.2-5.32.1
SUSE OpenStack Cloud 9 (src): qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): qemu-2.11.2-5.32.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0761-1: An update that solves 14 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1172033, 1172382, 1175144, 1180207, 1182282, 1185000, 1193880, 1197653, 1198035, 1198038, 1198712, 1201367, 1205808
CVE References: CVE-2020-13253, CVE-2020-13754, CVE-2020-14394, CVE-2020-17380, CVE-2020-25085, CVE-2021-3409, CVE-2021-3507, CVE-2021-3929, CVE-2021-4206, CVE-2022-0216, CVE-2022-1050, CVE-2022-26354, CVE-2022-35414, CVE-2022-4144
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): qemu-3.1.1.1-66.1
SUSE Linux Enterprise Server 12 SP5 (src): qemu-3.1.1.1-66.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): qemu-3.1.1.1-66.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3721-1: An update that solves 10 vulnerabilities and has one security fix can now be installed.
Category: security (important)
Bug References: 1172382, 1188609, 1190011, 1193880, 1197653, 1198712, 1207205, 1212850, 1212968, 1213925, 1215311
CVE References: CVE-2020-13754, CVE-2021-3638, CVE-2021-3750, CVE-2021-3929, CVE-2022-1050, CVE-2022-26354, CVE-2023-0330, CVE-2023-2861, CVE-2023-3180, CVE-2023-3354
Sources used:
openSUSE Leap 15.4 (src): qemu-4.2.1-150200.79.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): qemu-4.2.1-150200.79.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): qemu-4.2.1-150200.79.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): qemu-4.2.1-150200.79.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3800-1: An update that solves nine vulnerabilities and has one security fix can now be installed.
Category: security (important)
Bug References: 1172382, 1190011, 1193880, 1197653, 1198712, 1207205, 1212850, 1212968, 1213925, 1215311
CVE References: CVE-2019-13754, CVE-2021-3750, CVE-2021-3929, CVE-2022-1050, CVE-2022-26354, CVE-2023-0330, CVE-2023-2861, CVE-2023-3180, CVE-2023-3354
Sources used:
SUSE CaaS Platform 4.0 (src): qemu-3.1.1.1-150100.80.51.5
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): qemu-3.1.1.1-150100.80.51.5
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): qemu-3.1.1.1-150100.80.51.5
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): qemu-3.1.1.1-150100.80.51.5
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This should be done. Assigning it back.
Thanks! Released.