Bug 964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer dereference in ehci_caps_write
VUL-1: CVE-2016-2198: xen: usb: ehci null pointer dereference in ehci_caps_write
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/161448/
CVSSv2:SUSE:CVE-2016-2198:2.3:(AV:A/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-01 10:19 UTC by Johannes Segitz
Modified: 2016-07-20 14:42 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-02-01 10:19:08 UTC
+++ This bug was initially created as a clone of Bug #964413 +++

rh#1301643

Qemu emulator built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers.

A privileged user inside quest could use this flaw to crash the Qemu process instance resulting in DoS.

Patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1301643
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2198
http://seclists.org/oss-sec/2016/q1/255
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2198.html
Comment 2 Swamp Workflow Management 2016-02-01 23:01:13 UTC
bugbot adjusting priority
Comment 3 Charles Arnold 2016-02-27 00:51:55 UTC
This bug may be included in one or more of the
submissions listed below.

SUSE:SLE-12-SP1:Update: 98638
SUSE:SLE-12:Update: 98642
SUSE:SLE-11-SP4:Update: 98646
SUSE:SLE-11-SP3:Update: 98650
SUSE:SLE-11-SP2:Update: 98654
SUSE:SLE-11-SP1:Update:Teradata: 98658
SUSE:SLE-11-SP1:Update: 98662
SUSE:SLE-10-SP4:Update:Test: 98666
SUSE:SLE-10-SP3:Update:Test: 98670

openSUSE:Factory: 362063
openSUSE:Leap:42.1:Update: 362057
openSUSE:13.2:Update: 362060
Comment 4 Swamp Workflow Management 2016-05-17 16:12:26 UTC
SUSE-SU-2016:1318-1: An update that solves 45 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 954872,956832,957988,958007,958009,958493,958523,958918,959006,959387,959695,960707,960726,960836,960861,960862,961332,961358,961692,962321,962335,962360,962611,962627,962632,962642,962758,963783,963923,964415,964431,964452,964644,964746,964925,964929,964947,964950,965112,965156,965269,965315,965317,967090,967101,968004,969125,969126
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    xen-4.4.4_02-22.19.1
SUSE Linux Enterprise Server 12 (src):    xen-4.4.4_02-22.19.1
SUSE Linux Enterprise Desktop 12 (src):    xen-4.4.4_02-22.19.1