Bug 1794290 (CVE-2020-1711)
Summary: | CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ailan, amit, areis, berrange, cfergeau, coli, dbecker, drjones, dwmw2, imammedo, itamar, jen, jferlan, jforbes, jinzhao, jjoyce, jmaloy, jschluet, juzhang, kbasil, knoel, lhh, lpeer, m.a.young, mburns, mkenneth, mrezanin, mst, pbonzini, rbalakri, ribarry, rjones, robinlee.sysu, sclewis, security-response-team, slinaber, spower, virt-maint, virt-maint, vkuznets, xen-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | QEMU 4.2.1 | Doc Type: | Bug Fix |
Doc Text: |
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-03-03 22:32:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1794494, 1794498, 1794499, 1794500, 1794501, 1794502, 1794503, 1794504, 1794505, 1794514, 1794515, 1794524, 1794587, 1798013, 1798014, 1798015, 1798017, 1798018, 1798019, 1798020, 1798021, 1798022, 1798023, 1798024, 1798025 | ||
Bug Blocks: | 1792846 |
Description
Prasad Pandit
2020-01-23 08:11:12 UTC
Acknowledgments: Name: Felipe Franciosi (nutanix.com), Raphael Norwitz (nutanix.com), Peter Turschmid (nutanix.com) Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1794494] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1794524] Statement: This issue affects the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8. Hi, do we have an update on this issue as it will affect our container grades. Is someone actively working on a fix? This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:0669 https://access.redhat.com/errata/RHSA-2020:0669 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1711 This issue has been addressed in the following products: Red Hat Virtualization Engine 4.2 Via RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0730 This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.1.1 Via RHSA-2020:0731 https://access.redhat.com/errata/RHSA-2020:0731 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2020:0773 https://access.redhat.com/errata/RHSA-2020:0773 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2020:1216 https://access.redhat.com/errata/RHSA-2020:1216 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1150 https://access.redhat.com/errata/RHSA-2020:1150 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2020:1296 https://access.redhat.com/errata/RHSA-2020:1296 This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2020:1300 https://access.redhat.com/errata/RHSA-2020:1300 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:1352 https://access.redhat.com/errata/RHSA-2020:1352 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1358 https://access.redhat.com/errata/RHSA-2020:1358 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2020:1505 https://access.redhat.com/errata/RHSA-2020:1505 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2472 https://access.redhat.com/errata/RHSA-2020:2472 |