Bug 1810390 (CVE-2019-20382)
Summary: | CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | ailan, amit, areis, berrange, cfergeau, dbecker, drjones, dwmw2, imammedo, itamar, jen, jferlan, jforbes, jjoyce, jmaloy, jschluet, kbasil, knoel, lhh, lpeer, m.a.young, mburns, mkenneth, mrezanin, mst, pbonzini, ribarry, rjones, robinlee.sysu, sclewis, slinaber, virt-maint, virt-maint, vkuznets, xen-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | qemu-4.2.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. An attacker able to connect to the VNC server could use this flaw to leak host memory, leading to a potential denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-06-30 17:20:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1788421, 1810391, 1810408, 1810409, 1810410, 1810411, 1816763, 1869488 | ||
Bug Blocks: | 1810201 |
Description
Prasad Pandit
2020-03-05 06:50:03 UTC
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1810391] Statement: This flaw did not affect the versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2774 https://access.redhat.com/errata/RHSA-2020:2774 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-20382 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2020:3267 https://access.redhat.com/errata/RHSA-2020:3267 External References: https://www.openwall.com/lists/oss-security/2020/03/05/1 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3906 https://access.redhat.com/errata/RHSA-2020:3906 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3907 https://access.redhat.com/errata/RHSA-2020:3907 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2020:4167 https://access.redhat.com/errata/RHSA-2020:4167 |