Bug 939254 - (CVE-2015-5158) VUL-0: CVE-2015-5158: xen,kvm,qemu: scsi stack buffer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium Normal
Target Milestone: ---
Assigned To: Andreas Färber
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/119210/
Whiteboard: CVSSv2:RedHat:CVE-2015-5158:4.4:(AV:...
Keywords:
Depends on:
Blocks:
Reported: 2015-07-23 13:46 UTC by Johannes Segitz
Modified: 2016-04-14 15:31 UTC
CC List: 3 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Description Johannes Segitz 2015-07-23 13:46:52 UTC
From: P J P 

The Qemu emulator built with SCSI device emulation support is vulnerable to a stack buffer overflow issue. It could occur while parsing a SCSI command descriptor block with an invalid operation code.

A privileged (CAP_SYS_RAWIO) user inside the guest could use this flaw to crash the Qemu instance, resulting in a DoS.

Patch:
https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1244332
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5158
http://seclists.org/oss-sec/2015/q3/175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5158
https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html
Comment 1 Swamp Workflow Management 2015-07-23 22:00:25 UTC
bugbot adjusting priority
Comment 3 Johannes Segitz 2015-07-24 16:07:26 UTC
introduced in 2.2, doesn't affect us
Comment 4 Andreas Färber 2015-07-24 16:12:02 UTC
May affect SLE 12 SP1 and Tumbleweed.
Comment 5 Andreas Stieger 2015-10-26 16:52:42 UTC
Upstream fix commit is:
http://git.qemu.org/?p=qemu.git;a=commit;h=c170aad8b057223b1139d72e5ce7acceafab4fa9

Affects SLE 12 SP1, Leap 42.1 and Tumbleweed.
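Added worked example, not code from QEMU, from P J P's report or from the upstream commit linked in comment 5. The description gives only the shape of the flaw (a stack buffer overflow while parsing a CDB whose operation code is invalid), so this model assumes the usual form such a bug takes: a CDB-length lookup keyed on the opcode's SCSI group code returns -1 for groups it cannot size, and that -1 is then used, unchecked, as the length of a memcpy into a fixed 16-byte buffer. The hardened variant shows the generic check for that shape; compare it against the upstream diff rather than reading it as QEMU's patch. All type and function names, and the sample CDB bytes, are this example's own constructions.

```c
/* Illustrative model of the CDB-length bug class behind CVE-2015-5158.
 * Not QEMU code: names and sample bytes here are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDB_MAX 16   /* longest fixed-size CDB (16-byte command group) */

typedef struct {
    uint8_t buf[CDB_MAX];   /* copy of the guest-supplied CDB */
    int len;                /* decoded CDB length, or -1 on error */
} scsi_cmd_t;

/* SCSI CDB size from the opcode's group code (bits 7..5 of byte 0).
 * Groups 3, 6 and 7 hold reserved, vendor-specific or variable-length
 * commands whose size cannot be derived from the opcode alone, so the
 * lookup reports them with the error value -1. */
static int cdb_length(const uint8_t *cdb)
{
    switch (cdb[0] >> 5) {
    case 0:  return 6;
    case 1:
    case 2:  return 10;
    case 4:  return 16;
    case 5:  return 12;
    default: return -1;
    }
}

/* Vulnerable shape (assumed, see lead-in): the -1 sentinel flows straight
 * into memcpy, where conversion to size_t turns it into SIZE_MAX. The copy
 * overruns buf[] and everything above it on the caller's stack until the
 * process faults: a guest-triggerable DoS. Only ever call this with a
 * CDB from a sized group. */
static int parse_cdb_unchecked(scsi_cmd_t *cmd, const uint8_t *cdb)
{
    cmd->len = cdb_length(cdb);
    memcpy(cmd->buf, cdb, (size_t)cmd->len);   /* BUG when len == -1 */
    return 0;
}

/* Hardened shape: reject the error value before it becomes a size, and
 * bound the copy by the destination as well. Returns 0 on success and -1
 * for a CDB the device model cannot handle. */
static int parse_cdb_checked(scsi_cmd_t *cmd, const uint8_t *cdb)
{
    int len = cdb_length(cdb);
    if (len < 0 || len > (int)sizeof cmd->buf) {
        cmd->len = -1;
        return -1;
    }
    cmd->len = len;
    memcpy(cmd->buf, cdb, (size_t)len);
    return 0;
}

int main(void)
{
    /* Constructed CDBs: INQUIRY (group 0), READ(10) (group 1),
     * MODE SELECT(10) (group 2), READ(16) (group 4), READ(12) (group 5),
     * and a reserved group-3 opcode such as a guest could hand the
     * device model. Only byte 0 matters for the length decision. */
    const uint8_t inquiry[16] = { 0x12 };
    const uint8_t read10[16]  = { 0x28 };
    const uint8_t msel10[16]  = { 0x55 };
    const uint8_t read16[16]  = { 0x88 };
    const uint8_t read12[16]  = { 0xA8 };
    const uint8_t bogus[16]   = { 0x60 };
    const struct { const char *name; const uint8_t *cdb; } samples[] = {
        { "INQUIRY 0x12",        inquiry },
        { "READ(10) 0x28",       read10  },
        { "MODE SELECT(10) 0x55", msel10 },
        { "READ(16) 0x88",       read16  },
        { "READ(12) 0xA8",       read12  },
        { "reserved 0x60",       bogus   },
    };
    scsi_cmd_t cmd;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_cdb_checked(&cmd, samples[i].cdb);
        printf("%-22s rc=%d len=%d\n", samples[i].name, rc, cmd.len);
    }

    /* The unchecked path is fine for a sized group ... */
    parse_cdb_unchecked(&cmd, inquiry);
    printf("unchecked INQUIRY len=%d\n", cmd.len);
    /* ... but parse_cdb_unchecked(&cmd, bogus) would memcpy SIZE_MAX
     * bytes and crash the process, which is the DoS the report describes. */
    return 0;
}
```

The practitioner's takeaway is that any length routine with a negative error value needs its check at every call site before the value reaches a size_t parameter, and that bounding by the destination buffer catches the same class even if the lookup table later gains a larger entry.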
Comment 6 Bruce Rogers 2015-11-03 22:48:04 UTC
(In reply to Andreas Stieger from comment #5)
> Upstream fix commit is:
> http://git.qemu.org/?p=qemu.git;a=commit;h=c170aad8b057223b1139d72e5ce7acceafab4fa9
> 
> Affects SLE 12 SP1, Leap 42.1 and Tumbleweed.

As we now have the v2.3.1 stable release of QEMU in SLE 12 SP1 and Leap 42.1, which contains this fix, only Tumbleweed is vulnerable, since it is still at v2.3.0 QEMU.
Comment 7 Marcus Meissner 2015-12-19 16:40:26 UTC
factory is 2.4.0 now, so we can close