Red Hat Enterprise Linux 7 update for qemu-kvm-ma



Published: 2020-04-01
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-1711
CVE-2020-7039
CWE-ID CWE-122
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, big endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

qemu-kvm-ma (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU25510

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-1711

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary error in the way the iSCSI Block driver handles a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an "iscsi_co_block_status()" routine. A remote authenticated attacker can trigger heap-based buffer overflow and cause a denial of service condition or potentially execute arbitrary code with privileges of the QEMU process on the host.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

qemu-kvm-ma (Red Hat package): before 2.12.0-44.el7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:1150

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Heap-based buffer overflow

EUVDB-ID: #VU25458

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7039

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

qemu-kvm-ma (Red Hat package): before 2.12.0-44.el7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:1150

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###