Bug 1172382 (CVE-2020-13754) - VUL-1: CVE-2020-13754: kvm,qemu: msix: OOB access during mmio operations may lead to DoS
Status: RESOLVED FIXED
Alias: CVE-2020-13754
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other
Priority: P4 - Low; Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/260326/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-13754:3.9:(AV:...
Reported: 2020-06-02 09:17 UTC by Wolfgang Frisch
Modified: 2024-07-30 08:57 UTC
Found By: Security Response Team


Attachments
CVE-2020-13754-qemu.patch (2.17 KB, patch)
2020-06-02 14:51 UTC, Wolfgang Frisch
CVE-2020-13754-qemu.patch (2.17 KB, patch)
2020-06-02 14:55 UTC, Wolfgang Frisch

Description Wolfgang Frisch 2020-06-02 09:17:53 UTC
CVE-2020-13754

An OOB access issue was found in the Message Signalled Interrupt (MSI-X) device support of QEMU. It could occur while performing MSI-X mmio operations when a guest-sent address goes beyond the mmio region. A guest user/process may use this flaw to crash the QEMU process, resulting in a DoS scenario.

References:
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
https://www.openwall.com/lists/oss-security/2020/06/01/6
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13754
http://seclists.org/oss-sec/2020/q2/157
https://bugzilla.redhat.com/show_bug.cgi?id=1842363
https://access.redhat.com/security/cve/CVE-2020-13754
Comment 1 Wolfgang Frisch 2020-06-02 14:51:04 UTC
Created attachment 838427
CVE-2020-13754-qemu.patch

Upstream patch.
Source: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
Comment 2 Wolfgang Frisch 2020-06-02 14:55:11 UTC
Created attachment 838430
CVE-2020-13754-qemu.patch
Comment 4 Bruce Rogers 2020-06-08 20:11:04 UTC
Looks like tweaks to the fix are still forthcoming. Will watch for developments.
Comment 5 Bruce Rogers 2020-07-08 20:04:34 UTC
This was resolved upstream in commit 5d971f9e672507210e77d020d89e0e89165c8fc9, which simply reverts an earlier commit.
Comment 6 Bruce Rogers 2021-03-31 01:20:48 UTC
It turns out that there are other qemu fixes needed to add this patch, and I've not yet got that researched. We may not get this in the next maintenance update, since I want to make sure we have all needed fixes included as well to not cause more trouble than we're solving.
Comment 11 Swamp Workflow Management 2021-06-02 16:17:32 UTC
SUSE-SU-2021:1829-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1031692,1094725,1126455,1149813,1163019,1172380,1172382,1175534,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2019-8934,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2021-06-08 16:53:37 UTC
SUSE-SU-2021:1894-1: An update that solves 11 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1094725,1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    qemu-2.9.1-6.50.1
SUSE OpenStack Cloud 8 (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    qemu-2.9.1-6.50.1
HPE Helion Openstack 8 (src):    qemu-2.9.1-6.50.1

Comment 13 Swamp Workflow Management 2021-06-08 17:15:16 UTC
SUSE-SU-2021:1895-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-9.46.1

Comment 14 Swamp Workflow Management 2021-06-10 13:47:22 UTC
SUSE-SU-2021:1947-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    qemu-2.11.2-5.32.1
SUSE OpenStack Cloud 9 (src):    qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    qemu-2.11.2-5.32.1

Comment 16 Maintenance Automation 2023-03-16 12:30:23 UTC
SUSE-SU-2023:0761-1: An update that solves 14 vulnerabilities can now be installed.

Category: security (important)
Bug References: 1172033, 1172382, 1175144, 1180207, 1182282, 1185000, 1193880, 1197653, 1198035, 1198038, 1198712, 1201367, 1205808
CVE References: CVE-2020-13253, CVE-2020-13754, CVE-2020-14394, CVE-2020-17380, CVE-2020-25085, CVE-2021-3409, CVE-2021-3507, CVE-2021-3929, CVE-2021-4206, CVE-2022-0216, CVE-2022-1050, CVE-2022-26354, CVE-2022-35414, CVE-2022-4144
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): qemu-3.1.1.1-66.1
SUSE Linux Enterprise Server 12 SP5 (src): qemu-3.1.1.1-66.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): qemu-3.1.1.1-66.1

Comment 22 Maintenance Automation 2023-09-21 08:30:01 UTC
SUSE-SU-2023:3721-1: An update that solves 10 vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1172382, 1188609, 1190011, 1193880, 1197653, 1198712, 1207205, 1212850, 1212968, 1213925, 1215311
CVE References: CVE-2020-13754, CVE-2021-3638, CVE-2021-3750, CVE-2021-3929, CVE-2022-1050, CVE-2022-26354, CVE-2023-0330, CVE-2023-2861, CVE-2023-3180, CVE-2023-3354
Sources used:
openSUSE Leap 15.4 (src): qemu-4.2.1-150200.79.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): qemu-4.2.1-150200.79.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): qemu-4.2.1-150200.79.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): qemu-4.2.1-150200.79.1

Comment 23 Maintenance Automation 2023-09-27 12:30:07 UTC
SUSE-SU-2023:3800-1: An update that solves nine vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1172382, 1190011, 1193880, 1197653, 1198712, 1207205, 1212850, 1212968, 1213925, 1215311
CVE References: CVE-2019-13754, CVE-2021-3750, CVE-2021-3929, CVE-2022-1050, CVE-2022-26354, CVE-2023-0330, CVE-2023-2861, CVE-2023-3180, CVE-2023-3354
Sources used:
SUSE CaaS Platform 4.0 (src): qemu-3.1.1.1-150100.80.51.5
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): qemu-3.1.1.1-150100.80.51.5
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): qemu-3.1.1.1-150100.80.51.5
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): qemu-3.1.1.1-150100.80.51.5

Comment 24 Dario Faggioli 2024-07-09 13:06:56 UTC
This should be done. Assigning it back
Comment 25 Wolfgang Frisch 2024-07-30 08:57:35 UTC
Thanks!
Released.