SB2019111502 - Ubuntu update for QEMU

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019111502

SB2019111502 - Ubuntu update for QEMU

Published: November 15, 2019

Security Bulletin ID SB2019111502
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 60% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2019-15890)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists in "ip_reass()" routine in "ip_input.c" file while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A remote attacker can send a specially crafted packet and cause the application to crash.



2) Heap-based buffer overflow (CVE-ID: CVE-2019-14378)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ip_reass() function in ip_input.c in libslirp. A remote authenticated attacker can send a large packet, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Improper access control (CVE-ID: CVE-2019-13164)

The vulnerability allows a local attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to qemu-bridge-helper.c does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size. A local attacker can create a tap device and attach it to a denied bridge interface, bypass the Access Control List (ACL) and get access to confidential data transmitted on the bridge.


4) NULL pointer dereference (CVE-ID: CVE-2019-12155)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in "hw/display/qxl.c". A remote attacker can perform a denial of service (DoS) attack.


5) Infinite loop (CVE-ID: CVE-2019-12068)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in lsi_execute_script() when reading empty opcode. A local user can consume all available system resources and cause denial of service conditions.


Remediation

Install update from vendor's website.

References