Bug 1869201 (CVE-2020-14364)
Summary: | CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ailan, berrange, cchen, cewang, cfergeau, coli, dbecker, dblechte, dfediuck, dmoppert, drjones, eedri, imammedo, itamar, jen, jferlan, jforbes, jinjli, jjoyce, jmaloy, jschluet, kbasil, kchamart, knoel, kraxel, lhh, lpeer, m.a.young, mburns, mdeng, mgoldboi, michal.skrivanek, mkenneth, mrezanin, mst, nlevy, ntait, ondrejj, pbonzini, philmd, qzhang, ribarry, rjones, robinlee.sysu, sbonazzo, sclewis, security-response-team, sherold, slinaber, snikolov, virt-maint, virt-maint, vkuznets, xen-maint, yduan, yjog, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | Flags: | jmaloy: needinfo- |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | QEMU-5.2.0 | Doc Type: | If docs needed, set a value |
Doc Text: | An out-of-bounds read/write access flaw was found in the USB emulator of QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-09-29 08:40:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1869684, 1869686, 1869687, 1869688, 1869689, 1869690, 1869691, 1869692, 1869693, 1869694, 1869695, 1869696, 1869697, 1869698, 1869699, 1869700, 1869701, 1869703, 1869704, 1869705, 1869706, 1869707, 1869708, 1869709, 1869710, 1869711, 1869712, 1869713, 1869714, 1869715, 1869716, 1869718, 1871849, 1871850, 1873313, 1877667, 1878008, 1878044, 1878045, 1878684, 1910680 | ||
Bug Blocks: | 1868610 |
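Added example (not QEMU source and not part of the original bug report): a simplified C model of the length handling the Doc Text describes, in which a guest-supplied length is validated before it is stored as setup_len and checked again before data_buf is written. The names dev_model, model_setup, model_data_out, setup_index and armed are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DATA_BUF_SIZE 4096 /* size of data_buf named in the Doc Text */

/* Simplified, hypothetical device state; not QEMU's USBDevice. */
struct dev_model {
    uint8_t  data_buf[DATA_BUF_SIZE];
    uint32_t setup_len;   /* data-stage length announced by the guest */
    uint32_t setup_index; /* bytes already moved (assumed field) */
    int      armed;       /* 1 only after an accepted SETUP (assumed) */
};

/* SETUP stage. Bytes 6..7 of the 8-byte USB setup packet hold wLength
 * (little endian). The value is checked in a local variable and stored
 * in device state only if it fits data_buf. Returns 0, or -1 to stall. */
int model_setup(struct dev_model *d, const uint8_t setup[8])
{
    uint32_t len = ((uint32_t)setup[7] << 8) | setup[6];
    d->armed = 0;
    if (len > sizeof(d->data_buf)) {
        return -1; /* rejected: no oversized length reaches the state */
    }
    d->setup_len = len;
    d->setup_index = 0;
    d->armed = 1;
    return 0;
}

/* OUT data stage: copy guest bytes into data_buf. The bounds are checked
 * again here, so a stale or corrupted setup_len cannot push memcpy past
 * the buffer. Returns the number of bytes copied, or -1 to stall. */
long model_data_out(struct dev_model *d, const uint8_t *src, size_t n)
{
    size_t room;
    if (!d->armed || d->setup_len > sizeof(d->data_buf) ||
        d->setup_index > d->setup_len) {
        return -1;
    }
    room = d->setup_len - d->setup_index;
    if (n > room) {
        n = room;
    }
    memcpy(d->data_buf + d->setup_index, src, n);
    d->setup_index += (uint32_t)n;
    return (long)n;
}
```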
Description
Prasad Pandit
2020-08-17 09:33:31 UTC
Acknowledgments:

Name: Xiao Wei (360.com), Ziming Zhang

External References:

https://www.openwall.com/lists/oss-security/2020/08/24/3
https://www.openwall.com/lists/oss-security/2020/08/24/2

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1871849]

Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1871850]

Mitigation:

Using Libvirt management interface to manage guest VMs significantly reduces impact of this issue. Libvirt starts each guest process with an unprivileged system user (ex. qemu) privileges and further confines the process with strict sVirt and SELinux policies.

* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_security_guide/

Statement:

This issue affects the version of the qemu-kvm package as shipped with the Red Hat Enterprise Linux 6, 7 and 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.

Red Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Red Hat OpenStack Platform 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:4058 https://access.redhat.com/errata/RHSA-2020:4058

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2020:4054 https://access.redhat.com/errata/RHSA-2020:4054

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2020:4055 https://access.redhat.com/errata/RHSA-2020:4055

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:4048 https://access.redhat.com/errata/RHSA-2020:4048

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:4049 https://access.redhat.com/errata/RHSA-2020:4049

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-14364

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:4050 https://access.redhat.com/errata/RHSA-2020:4050

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:4051 https://access.redhat.com/errata/RHSA-2020:4051

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:4047 https://access.redhat.com/errata/RHSA-2020:4047

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4059 https://access.redhat.com/errata/RHSA-2020:4059

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:4052 https://access.redhat.com/errata/RHSA-2020:4052

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:4053 https://access.redhat.com/errata/RHSA-2020:4053

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4078 https://access.redhat.com/errata/RHSA-2020:4078

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4079 https://access.redhat.com/errata/RHSA-2020:4079

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3

Via RHSA-2020:4111 https://access.redhat.com/errata/RHSA-2020:4111

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2020:4115 https://access.redhat.com/errata/RHSA-2020:4115

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:4162 https://access.redhat.com/errata/RHSA-2020:4162

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)
  Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS

Via RHSA-2020:4167 https://access.redhat.com/errata/RHSA-2020:4167

This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2020:4172 https://access.redhat.com/errata/RHSA-2020:4172

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2020:4176 https://access.redhat.com/errata/RHSA-2020:4176

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:4056 https://access.redhat.com/errata/RHSA-2020:4056

This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.2.1

Via RHSA-2020:4291 https://access.redhat.com/errata/RHSA-2020:4291

This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.1.1

Via RHSA-2020:4290 https://access.redhat.com/errata/RHSA-2020:4290

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days