Bug 1358359 (CVE-2016-5403)
Summary: CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
Product: [Other] Security Response
Reporter: Martin Prpič <mprpic>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: alonbl, aortega, apevec, areis, ayoung, bmcclain, c.hendrickson09, chrisw, cvsbot-xmlrpc, dblechte, furlongm, gklein, gmollett, jen, jschluet, kamfonik, kbasil, knoel, lhh, lpeer, markmc, mgoldboi, michal.skrivanek, mkenneth, moshele, mrezanin, mst, pbonzini, ppandit, rbalakri, rbryant, sclewis, security-response-team, sherold, slong, sparks, srevivo, tdecacqu, virt-maint, wmealing, ykaul, ylavi
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement, which results in unbounded memory allocation on the host controlled by the guest.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-15 04:37:12 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1359723, 1359724, 1359725, 1359726, 1359727, 1359728, 1359729, 1359731, 1359733, 1359742, 1359743, 1359744, 1359745, 1359747, 1360830, 1360831, 1363573, 1363574
Bug Blocks: 1357541, 1366416
Attachments:
Description
Martin Prpič
2016-07-20 14:56:16 UTC
Acknowledgments:

Name: hongzhenhao (Marvel Team)

Created attachment 1182139
CVE-2016-5403 patch

Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1360831]

Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1360830]

xen-4.6.3-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

xen-4.5.3-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in the following products:
RHEV-H and Agents for RHEL-6
Via RHSA-2016:1586 https://rhn.redhat.com/errata/RHSA-2016-1586.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2016:1585 https://rhn.redhat.com/errata/RHSA-2016-1585.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1606 https://rhn.redhat.com/errata/RHSA-2016-1606.html

This issue has been addressed in the following products:
RHEV-H and Agents for RHEL-7
Via RHSA-2016:1607 https://rhn.redhat.com/errata/RHSA-2016-1607.html

This update seems to cause an issue with live-migration in OpenStack. After installing this update, I'm seeing the exact same issue as described here: https://www.redhat.com/archives/libvir-list/2016-August/msg00406.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7
Via RHSA-2016:1655 https://rhn.redhat.com/errata/RHSA-2016-1655.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
Via RHSA-2016:1654 https://rhn.redhat.com/errata/RHSA-2016-1654.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Via RHSA-2016:1653 https://rhn.redhat.com/errata/RHSA-2016-1653.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6
Via RHSA-2016:1652 https://rhn.redhat.com/errata/RHSA-2016-1652.html

We're also seeing the issue described here: https://www.redhat.com/archives/libvir-list/2016-August/msg00406.html

If you guys would prefer this submitted in another bug report or elsewhere please let me know, but we're for sure affected by qemu exiting upon live migrating.

This issue has been addressed in the following products:
Red Hat OpenStack Platform 8.0 (Liberty)
Via RHSA-2016:1756 https://rhn.redhat.com/errata/RHSA-2016-1756.html

This issue has been addressed in the following products:
Red Hat OpenStack Platform 9.0 (Mitaka)
Via RHSA-2016:1763 https://rhn.redhat.com/errata/RHSA-2016-1763.html

We're seeing the same issue reported above with guest shutdown with "Virtqueue size exceeded" after migration. Should a new bug be opened about this patch breaking live migration?

For those following this for the live migration issue, a new bug has been opened: https://bugzilla.redhat.com/show_bug.cgi?id=1371943

This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2016:1943 https://rhn.redhat.com/errata/RHSA-2016-1943.html

I will needinfo Prasad J Pandit as he has done the investigation. It might be best to lodge a ticket in parallel with support to get this resolved faster.

Thanks.

Wade Mealing

(In reply to Marcus Furlong from comment #26)
> Should a new bug be opened about this patch breaking live migration?

Yes, opening another bug was the right thing to do. I see that a fix has been shipped and others are in queue.

Thank you.
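
A simplified model of the accounting described in the Doc Text, added here as an illustration and not taken from QEMU or the attached patch. The struct and function names are hypothetical; the bounded variant assumes a check of in-flight elements against the ring size, reuses the "Virtqueue size exceeded" message quoted in the comments, and returns NULL rather than stopping the process.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model of the accounting only; names are hypothetical, not QEMU's. */
struct toy_vq {
    unsigned int num;    /* ring size: most requests that may be in flight */
    unsigned int inuse;  /* elements popped and not yet completed */
};
struct toy_elem { unsigned int seq; };

/* Unbounded shape: one host allocation per guest request, no limit. */
static struct toy_elem *pop_unbounded(struct toy_vq *vq)
{
    struct toy_elem *e = malloc(sizeof(*e));
    if (e)
        e->seq = vq->inuse++;
    return e;
}

/* Bounded shape: refuse once in-flight elements reach the ring size. */
static struct toy_elem *pop_bounded(struct toy_vq *vq)
{
    if (vq->inuse >= vq->num) {
        fprintf(stderr, "Virtqueue size exceeded\n");
        return NULL;
    }
    return pop_unbounded(vq);
}

/* Guest submits `requests` without waiting for completions.
 * Returns the peak number of elements the host held at once. */
static unsigned int flood(unsigned int ring, unsigned int requests,
                          struct toy_elem *(*pop)(struct toy_vq *))
{
    struct toy_vq vq = { ring, 0 };
    struct toy_elem **held = calloc(requests, sizeof(*held));
    unsigned int n = 0, peak;

    while (held && n < requests && (held[n] = pop(&vq)) != NULL)
        n++;
    peak = vq.inuse;
    while (n > 0) {          /* complete everything: free and drop inuse */
        free(held[--n]);
        vq.inuse--;
    }
    free(held);
    return peak;
}

int main(void)
{
    printf("unbounded peak: %u\n", flood(256, 10000, pop_unbounded));
    printf("bounded peak:   %u\n", flood(256, 10000, pop_bounded));
    return 0;
}
```

The ring size of 256 and the request count of 10000 are constructed values; the point is that host memory in the unbounded case scales with what the guest submits, not with the queue size.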