Bug 1114957 - (CVE-2018-18954) VUL-0: CVE-2018-18954: qemu: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb
(CVE-2018-18954)
VUL-0: CVE-2018-18954: qemu: ppc64: Out-of-bounds r/w stack access in pnv_lpc...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Bruce Rogers
Security Team bot
https://smash.suse.de/issue/218724/
CVSSv3:RedHat:CVE-2018-18954:4.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-11-07 06:49 UTC by Marcus Meissner
Modified: 2021-09-30 22:38 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-11-07 06:49:38 UTC
CVE-2018-18954


   Hello,

An OOB r/w buffer access issue was found in the PowerPC PowerNV LPC controller 
in 'pnv_lpc_do_eccb' routine. It could occur while performing a memory write 
operation. A guest user/process could use this flaw to crash the QEMU process 
resulting in DoS.

Upstream patch:
---------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html

This issue was reported by Moguofang of Huawei.com.

Thank you.
Comment 1 Marcus Meissner 2018-12-27 17:17:29 UTC
ping?
Comment 2 Bruce Rogers 2019-01-10 17:26:44 UTC
Fix is needed from qemu v2.8.0 on, with fix included in v3.1.0, so vulnerable releases are:
SLE12-SP3
SLE12-SP4
SLE15
Comment 3 Bruce Rogers 2019-01-26 00:16:34 UTC
Fixes checked in for mentioned releases. That should be all needed for SLE.
Comment 5 Swamp Workflow Management 2019-02-18 20:13:35 UTC
SUSE-SU-2019:0423-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179
CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    qemu-2.11.2-9.20.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    qemu-2.11.2-9.20.1, qemu-linux-user-2.11.2-9.20.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    qemu-2.11.2-9.20.1
Comment 6 Swamp Workflow Management 2019-02-19 17:13:47 UTC
SUSE-SU-2019:0435-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179
CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    qemu-2.11.2-5.8.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    qemu-2.11.2-5.8.1
Comment 7 Swamp Workflow Management 2019-02-27 11:22:25 UTC
openSUSE-SU-2019:0254-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179
CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
openSUSE Leap 15.0 (src):    qemu-2.11.2-lp150.7.18.1, qemu-linux-user-2.11.2-lp150.7.18.1, qemu-testsuite-2.11.2-lp150.7.18.1
Comment 8 Swamp Workflow Management 2019-03-11 23:09:57 UTC
SUSE-SU-2019:0582-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1056334,1056386,1084604,1113231,1114957,1116717,1117275,1119493,1121600,1123156
CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    qemu-2.9.1-6.28.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    qemu-2.9.1-6.28.1
SUSE CaaS Platform ALL (src):    qemu-2.9.1-6.28.1
SUSE CaaS Platform 3.0 (src):    qemu-2.9.1-6.28.1
Comment 9 Swamp Workflow Management 2019-03-28 23:10:16 UTC
openSUSE-SU-2019:1074-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1056334,1056386,1084604,1113231,1114957,1116717,1117275,1119493,1121600,1123156
CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778
Sources used:
openSUSE Leap 42.3 (src):    qemu-2.9.1-56.1, qemu-linux-user-2.9.1-56.1, qemu-testsuite-2.9.1-56.2

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.