SB2020101311 - OpenSUSE Linux update for qemu

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020101311

SB2020101311 - OpenSUSE Linux update for qemu

Published: October 13, 2020

Security Bulletin ID SB2020101311
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 75% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-14364)

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error within the USB emulator in QEMU. A remote user with access to guest operating system on the guest operating system can send specially crafted USB packets, trigger out-of-bounds write and execute arbitrary code on the host system.


2) Stack-based buffer overflow (CVE-ID: CVE-2020-15863)

The vulnerability allows a local user to execute arbitrary code on the target system with elevated privileges.

The vulnerability exists due to a boundary error when processing packets in xgmac_enet_send() in hw/net/xgmac.c. A local user on the guest operating system can send a specially crafted request to the application, trigger stack-based buffer overflow and execute arbitrary code on the target system with elevated privileges.


3) Reachable Assertion (CVE-ID: CVE-2020-16092)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing certain network packets on "e1000e" and "vmxnet3" devices in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c. A remote attacker on a guest operating system can send a specially crafted packet that will result in hypervisor crash.


4) Out-of-bounds write (CVE-ID: CVE-2020-24352)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ATI VGA device implementation of the QEMU emulator incide of the ati_2d_blt() routine while handling MMIO write operations through the ati_mm_write() callback. A local privileged user on a guest operating system can run a specially crafted program to trigger out-of-bounds write and crash the QEMU process.


Remediation

Install update from vendor's website.

References