SB2019042505 - OpenSUSE Linux update for qemu

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019042505

SB2019042505 - OpenSUSE Linux update for qemu

Published: April 25, 2019

Security Bulletin ID SB2019042505
CSH Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-20815)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the deprecated "load_image" function, as defined in the "device_tree.c" file. A remote attacker can submit a large image file to the affected system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Out-of-bounds read (CVE-ID: CVE-2019-3812)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to an out-of-bounds read condition in the i2c_ddc() function, as defined in the hw/i2c/i2c-ddc.c source code file. A local attacker can execute malicious i2c commands, trigger an out-of-bounds read condition and access sensitive information on a targeted system.


3) Improper access control (CVE-ID: CVE-2019-8934)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions in the hw/ppc/spapr.c in the way hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes. A local user from guest operating system can gain access to sensitive information on the host operating system.

4) Memory leak (CVE-ID: CVE-2019-9824)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due memory leak within the SLiRP networking implementation. A local user can read uninitialised stack memory contents.


Remediation

Install update from vendor's website.

References