Bug 994760 - (CVE-2016-6836) VUL-0: CVE-2016-6836: kvm,qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet
(CVE-2016-6836)
VUL-0: CVE-2016-6836: kvm,qemu: net: vmxnet: Information leakage in vmxnet3_c...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Bruce Rogers
Security Team bot
https://smash.suse.de/issue/171991/
CVSSv2:RedHat:CVE-2016-6836:2.3:(AV:A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-20 12:00 UTC by Marcus Meissner
Modified: 2017-03-08 16:49 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-08-20 12:00:12 UTC
http://seclists.org/oss-sec/2016/q3/262

Hello,

Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. It could occur while processing transmit(tx) queue, when it reaches the end of packet.


A privileged user inside guest could use this leak host memory bytes to a guest.


Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html

Reference:
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1366369

This issue was reported by Li Qiang of 360.cn Inc.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1366369
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6836
http://seclists.org/oss-sec/2016/q3/311
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6836.html
Comment 1 Marcus Meissner 2016-08-20 12:02:09 UTC
qemu from sle12 onwards is affected.

kvm and qemu on sle11 is not affected (does not have the function)
Comment 2 Swamp Workflow Management 2016-08-20 22:01:01 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-10-21 17:11:20 UTC
SUSE-SU-2016:2589-1: An update that solves 19 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-21.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-21.1
Comment 4 Swamp Workflow Management 2016-10-26 12:14:27 UTC
openSUSE-SU-2016:2642-1: An update that solves 19 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-19.3, qemu-linux-user-2.3.1-19.1, qemu-testsuite-2.3.1-19.6
Comment 5 Swamp Workflow Management 2016-11-12 07:10:01 UTC
SUSE-SU-2016:2781-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 893323,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2014-5388,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    qemu-2.0.2-48.22.1
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.22.1
Comment 6 Bruce Rogers 2017-03-08 16:49:50 UTC
Fixed.