Bug 1181361 - (CVE-2021-20196) VUL-1: CVE-2021-20196: qemu,kvm: block/fdc: null pointer dereference may lead to guest crash
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P4 - Low
Severity: Minor
Target Milestone: ---
Assigned To: Dario Faggioli
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/276208/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-20196:3.2:(AV:...
Depends on:
Blocks:
Reported: 2021-01-25 13:45 UTC by Wolfgang Frisch
Modified: 2022-04-11 19:18 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments:
 - qemu reproducer (416 bytes, text/plain), 2021-01-25 18:24 UTC, Gianluca Gabrielli
 - reproducer executed in SLES 12 SP3 (183.81 KB, image/png), 2021-01-25 18:25 UTC, Gianluca Gabrielli
 - reproducer executed in SLES 15 SP2 (184.04 KB, image/png), 2021-01-25 18:26 UTC, Gianluca Gabrielli

Description Wolfgang Frisch 2021-01-25 13:45:31 UTC
CVE-2021-20196

A NULL pointer dereference issue was found in the Floppy disk emulator of QEMU. It could occur while processing read/write ioport commands, if the selected Floppy drive is not initialised with a block device. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.


References:
https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
https://bugzilla.redhat.com/show_bug.cgi?id=1919210
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20196
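The following is an added example and is not QEMU's code or anything attached to this bug. It models the bug class the description names: a device emulator indexes the drive the guest selected and dereferences that drive's block backend, which is legitimately NULL when no media or backend was attached. All type and function names (BlockBackend, FDrive, FDCtrl, fdc_read_data_unchecked, fdc_read_data_checked) are hypothetical stand-ins, not identifiers from hw/block/fdc.c. The unchecked read shows why the fault lands in the host-side QEMU process rather than the guest; the checked read shows the shape of the guard a fix needs on the ioport path.

```c
/* Added example (not QEMU's code): a simplified model of the bug class this
 * report describes, a device emulator dereferencing a per-drive block backend
 * that can legitimately be NULL. All names are hypothetical stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DRIVES   2
#define SECTOR_SIZE  512

/* Hypothetical stand-in for a block backend attached to a drive. */
typedef struct {
    const char *name;
    uint8_t sector[SECTOR_SIZE];
} BlockBackend;

typedef struct {
    BlockBackend *blk;   /* NULL when the drive has no backend (e.g. no -fda given) */
} FDrive;

typedef struct {
    FDrive drives[MAX_DRIVES];
    int    cur_drive;    /* drive selected by the guest through the controller registers */
    size_t data_pos;     /* position within the current sector for the data register */
} FDCtrl;

/* Vulnerable pattern: assumes the guest-selected drive always has a backend.
 * With cur_drive pointing at an empty drive, cur->blk is NULL and the read
 * faults inside the emulator, i.e. in the host-side process, not the guest. */
static uint8_t fdc_read_data_unchecked(FDCtrl *fdc)
{
    FDrive *cur = &fdc->drives[fdc->cur_drive];
    return cur->blk->sector[fdc->data_pos++ % SECTOR_SIZE];
}

/* Hardened pattern: check the backend before use and report "no drive" to
 * the caller instead of dereferencing NULL. */
static int fdc_read_data_checked(FDCtrl *fdc, uint8_t *out)
{
    FDrive *cur = &fdc->drives[fdc->cur_drive];
    if (cur->blk == NULL) {
        *out = 0;        /* harmless default: behaves like a missing drive */
        return -1;
    }
    *out = cur->blk->sector[fdc->data_pos++ % SECTOR_SIZE];
    return 0;
}

/* Constructed scenario: drive 0 has a backend, drive 1 does not. */
static void setup_controller(FDCtrl *fdc, BlockBackend *backend, int select)
{
    *fdc = (FDCtrl){0};
    fdc->drives[0].blk = backend;
    fdc->drives[1].blk = NULL;
    fdc->cur_drive = select;
}

/* Returns 1 when the checked read correctly refuses the empty drive. */
static int checked_read_refuses_empty_drive(void)
{
    BlockBackend backend = { .name = "constructed-disk", .sector = { 0xAB } };
    FDCtrl fdc;
    setup_controller(&fdc, &backend, 1);
    uint8_t out = 0xFF;
    int rc = fdc_read_data_checked(&fdc, &out);
    return (rc == -1 && out == 0) ? 1 : 0;
}

/* Returns the first data byte served from the backed drive (0xAB here). */
static int checked_read_serves_backed_drive(void)
{
    BlockBackend backend = { .name = "constructed-disk", .sector = { 0xAB } };
    FDCtrl fdc;
    setup_controller(&fdc, &backend, 0);
    uint8_t out = 0;
    if (fdc_read_data_checked(&fdc, &out) != 0) {
        return -1;
    }
    return out;
}

int main(void)
{
    BlockBackend backend = { .name = "constructed-disk", .sector = { 0xAB } };
    FDCtrl fdc;
    setup_controller(&fdc, &backend, 0);
    /* Safe only because drive 0 is backed; selecting drive 1 here would fault. */
    printf("unchecked read, drive 0: 0x%02x\n", fdc_read_data_unchecked(&fdc));
    printf("checked read refuses empty drive: %d\n", checked_read_refuses_empty_drive());
    printf("checked read, drive 0: 0x%02x\n", checked_read_serves_backed_drive());
    return 0;
}
```

The point for reviewers of emulator code is that the drive index is guest-controlled while the backend pointer is host configuration; any path from a guest-writable register to a backend dereference needs the NULL guard, and a fix that covers only the read path but not the write path leaves half the issue open.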
Comment 1 Gianluca Gabrielli 2021-01-25 18:21:42 UTC
This issue affects qemu>=v2.2.0-rc0, and it was introduced in commit 4be746345f13e99e468c60acbd3a355e8183e3ce [1].

Affected code-streams are:
 * SUSE:SLE-12-SP2:Update
 * SUSE:SLE-12-SP3:Update
 * SUSE:SLE-12-SP4:Update
 * SUSE:SLE-12-SP5:Update
 * SUSE:SLE-15:Update
 * SUSE:SLE-15-SP1:Update
 * SUSE:SLE-15-SP2:Update
 * SUSE:SLE-15-SP3:Update

The xen and kvm packages are not affected.

[1] https://github.com/qemu/qemu/commit/4be746345f13e99e468c60acbd3a355e8183e3ce
Comment 2 Gianluca Gabrielli 2021-01-25 18:24:58 UTC
Created attachment 845497
qemu reproducer

If the output is a segmentation fault, the reproducer should be considered successful.
Comment 3 Gianluca Gabrielli 2021-01-25 18:25:51 UTC
Created attachment 845498
reproducer executed in SLES 12 SP3
Comment 4 Gianluca Gabrielli 2021-01-25 18:26:11 UTC
Created attachment 845499
reproducer executed in SLES 15 SP2
Comment 9 Dario Faggioli 2021-12-24 00:24:24 UTC
(In reply to Gianluca Gabrielli from comment #1)
> This issue affects qemu>=v2.2.0-rc0, and it was introduced in
> 4be746345f13e99e468c60acbd3a355e8183e3ce [1] commit.
> 
> Affected code-streams are:
>  * SUSE:SLE-12-SP2:Update
>  * SUSE:SLE-12-SP3:Update
>  * SUSE:SLE-12-SP4:Update
>  * SUSE:SLE-12-SP5:Update
>  * SUSE:SLE-15:Update
>  * SUSE:SLE-15-SP1:Update
>  * SUSE:SLE-15-SP2:Update
>  * SUSE:SLE-15-SP3:Update
> 
For now:

15-SP3 --> https://build.suse.de/request/show/261188
15-SP2 --> https://build.suse.de/request/show/261189
Comment 13 Swamp Workflow Management 2022-01-25 17:31:17 UTC
SUSE-SU-2022:0177-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1181361
CVE References: CVE-2021-20196
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    qemu-5.2.0-150300.109.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-150300.109.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-150300.109.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-01-25 17:37:34 UTC
openSUSE-SU-2022:0177-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1181361
CVE References: CVE-2021-20196
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-150300.109.2, qemu-linux-user-5.2.0-150300.109.2, qemu-testsuite-5.2.0-150300.109.4
Comment 15 Swamp Workflow Management 2022-01-27 17:23:39 UTC
SUSE-SU-2022:0210-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1172033,1181361
CVE References: CVE-2020-13253,CVE-2021-20196
JIRA References: 
Sources used:
SUSE Linux Enterprise Micro 5.0 (src):    qemu-4.2.1-11.34.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-01-27 17:24:56 UTC
openSUSE-SU-2022:0210-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1172033,1181361
CVE References: CVE-2020-13253,CVE-2021-20196
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-4.2.1-11.34.2
Comment 17 Swamp Workflow Management 2022-02-18 14:22:39 UTC
SUSE-SU-2022:0210-2: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1172033,1181361
CVE References: CVE-2020-13253,CVE-2021-20196
JIRA References: 
Sources used:
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    qemu-4.2.1-11.34.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2022-02-18 14:36:48 UTC
openSUSE-SU-2022:0210-2: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1172033,1181361
CVE References: CVE-2020-13253,CVE-2021-20196
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    qemu-4.2.1-11.34.2
Comment 19 Gianluca Gabrielli 2022-03-02 10:47:35 UTC
Since the CVSS is quite low, you can just submit to the following missing regular-supported codestreams:
 - SUSE:SLE-12-SP3:Update
 - SUSE:SLE-12-SP5:Update
 - SUSE:SLE-15-SP1:Update
Comment 22 Dario Faggioli 2022-03-11 08:21:52 UTC
(In reply to Dario Faggioli from comment #9)
> (In reply to Gianluca Gabrielli from comment #1)
> > Affected code-streams are:
> >  * SUSE:SLE-12-SP2:Update
> >  * SUSE:SLE-12-SP3:Update
> >  * SUSE:SLE-12-SP4:Update
> >  * SUSE:SLE-12-SP5:Update
> >  * SUSE:SLE-15:Update
> >  * SUSE:SLE-15-SP1:Update
> >  * SUSE:SLE-15-SP2:Update
> >  * SUSE:SLE-15-SP3:Update
> > 
> For now:
> 
> 15-SP3 --> https://build.suse.de/request/show/261188
> 15-SP2 --> https://build.suse.de/request/show/261189
>
12-SP5 --> https://build.suse.de/request/show/267289
Comment 23 Dario Faggioli 2022-03-11 08:45:36 UTC
MRs:
- for SLE-12-SP5:Update: https://build.suse.de/request/show/267290
- for SLE-15-SP3:Update: https://build.suse.de/request/show/267291

For 15-SP2, it's there already.
Comment 24 Swamp Workflow Management 2022-04-11 19:18:47 UTC
SUSE-SU-2022:1151-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1181361,1187529,1192463,1192525,1196737
CVE References: CVE-2021-20196,CVE-2021-3930
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-63.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.