Bug 982017 – VUL-1: CVE-2016-5105: qemu, kvm: scsi: megasas: stack information leakage while reading configuration

Bug 982017 - (CVE-2016-5105) VUL-1: CVE-2016-5105: qemu, kvm: scsi: megasas: stack information leakage while reading configuration

(CVE-2016-5105)
Summary:	VUL-1: CVE-2016-5105: qemu, kvm: scsi: megasas: stack information leakage whi...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Bruce Rogers
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/169493/
Whiteboard:	CVSSv2:RedHat:CVE-2016-5105:2.3:(AV:A...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-05-27 12:48 UTC by Alexander Bergmann
Modified:	2017-03-08 16:53 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2016-05-27 12:48:49 UTC

rh#1339583

Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
emulation support is vulnerable to an information leakage issue. It
could occur while processing MegaRAID Firmware Interface(MFI) command to read
device configuration in 'megasas_dcmd_cfg_read'.

A privileged user inside guest could use this flaw to leak host memory bytes.

Upstream patch:
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html

Reference:
  -> http://www.openwall.com/lists/oss-security/2016/05/25/5

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1339583
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5105
http://seclists.org/oss-sec/2016/q2/416

Comment 1 Swamp Workflow Management 2016-05-27 22:01:15 UTC

bugbot adjusting priority

Comment 2 Swamp Workflow Management 2016-10-21 17:09:32 UTC

SUSE-SU-2016:2589-1: An update that solves 19 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-21.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-21.1

Comment 3 Swamp Workflow Management 2016-10-25 18:13:40 UTC

SUSE-SU-2016:2628-1: An update that fixes 16 vulnerabilities is now available.

Category: security (moderate)
Bug References: 902737,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,996441
CVE References: CVE-2014-7815,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-7116
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-47.1

Comment 4 Swamp Workflow Management 2016-10-26 12:12:09 UTC

openSUSE-SU-2016:2642-1: An update that solves 19 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-19.3, qemu-linux-user-2.3.1-19.1, qemu-testsuite-2.3.1-19.6

Comment 5 Swamp Workflow Management 2016-11-12 07:08:21 UTC

SUSE-SU-2016:2781-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 893323,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2014-5388,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    qemu-2.0.2-48.22.1
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.22.1

Comment 6 Bruce Rogers 2017-03-08 16:53:45 UTC

Fixed.