SB2019111432 - OpenSUSE Linux update for qemu
Published: November 14, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-12207)
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the mechanism responsible for error handling on some Intel platforms. A local user of a guest operating system can use a specially crafted application to trigger memory corruption and cause the host system to stop responding.
Successful exploitation of this vulnerability may result in a denial of service (DoS) attack.
Below is the list of processor families that are affected by this vulnerability:
Client:
- Intel Core i3 Processors
- Intel Core i5 Processors
- Intel Core i7 Processors
- Intel Core m Processor Family
- 2nd generation Intel Core Processors
- 3rd generation Intel Core Processors
- 4th generation Intel Core Processors
- 5th generation Intel Core Processors
- 6th generation Intel Core Processors
- 7th generation Intel Core Processors
- 8th generation Intel Core Processors
- Intel Core X-series Processor Family
- Intel Pentium Gold Processor Series
- Intel Celeron Processor G Series
Server:
- 2nd Generation Intel Xeon Scalable Processors
- Intel Xeon Scalable Processors
- Intel Xeon Processor E7 v4 Family
- Intel Xeon Processor E7 v3 Family
- Intel Xeon Processor E7 v2 Family
- Intel Xeon Processor E7 Family
- Intel Xeon Processor E5 v4 Family
- Intel Xeon Processor E5 v3 Family
- Intel Xeon Processor E5 v2 Family
- Intel Xeon Processor E5 Family
- Intel Xeon Processor E3 v6 Family
- Intel Xeon Processor E3 v5 Family
- Intel Xeon Processor E3 v4 Family
- Intel Xeon Processor E3 v3 Family
- Intel Xeon Processor E3 v2 Family
- Intel Xeon Processor E3 Family
- Intel Xeon E Processor
- Intel Xeon D Processor
- Intel Xeon W Processor
- Legacy Intel Xeon Processor
2) Memory leak (CVE-ID: CVE-2018-20126)
The vulnerability allows a local attacker to cause DoS condition on the target system.The vulnerability exists due to memory leakage issue in hw/rdma/vmw/pvrdma_cmd.c when errors are mishandled. A local attacker can create_cq and create_qp memory leaks, resulting in DoS.
3) Resource management error (CVE-ID: CVE-2019-11135)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the TSX Asynchronous Abort (TAA) in Intel CPUs. The TAA condition, on some microprocessors utilizing speculative execution, may allow an authenticated user to potentially enable information disclosure via a side channel.4) Infinite loop (CVE-ID: CVE-2019-12068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in lsi_execute_script() when reading empty opcode. A local user can consume all available system resources and cause denial of service conditions.
5) Heap-based buffer overflow (CVE-ID: CVE-2019-14378)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ip_reass() function in ip_input.c in libslirp. A remote authenticated attacker can send a large packet, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Use-after-free (CVE-ID: CVE-2019-15890)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists in "ip_reass()" routine in "ip_input.c" file while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A remote attacker can send a specially crafted packet and cause the application to crash.
Remediation
Install update from vendor's website.