Bug 1340924 (CVE-2016-5126) - CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
Summary: CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-5126
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20160524,repor...
Depends On: 1340925 1340929 1340930 1358996 1358997 1359743 1359744 1359745 1359747 1363573 1363574
Blocks: 1340774 1366416
TreeView+ depends on / blocked
 
Reported: 2016-05-30 17:36 UTC by Prasad J Pandit
Modified: 2019-06-08 21:14 UTC (History)
25 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.
Clone Of:
Environment:
Last Closed: 2016-12-15 04:35:30 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1606 normal SHIPPED_LIVE Moderate: qemu-kvm security update 2016-08-11 23:08:14 UTC
Red Hat Product Errata RHSA-2016:1607 normal SHIPPED_LIVE Moderate: qemu-kvm-rhev security update 2016-08-12 18:11:58 UTC
Red Hat Product Errata RHSA-2016:1653 normal SHIPPED_LIVE Moderate: qemu-kvm-rhev security update 2016-08-23 10:14:36 UTC
Red Hat Product Errata RHSA-2016:1654 normal SHIPPED_LIVE Moderate: qemu-kvm-rhev security update 2016-08-23 10:14:29 UTC
Red Hat Product Errata RHSA-2016:1655 normal SHIPPED_LIVE Moderate: qemu-kvm-rhev security update 2016-08-23 10:14:21 UTC
Red Hat Product Errata RHSA-2016:1756 normal SHIPPED_LIVE Moderate: qemu-kvm-rhev security and bug fix update 2016-08-24 09:09:40 UTC
Red Hat Product Errata RHSA-2016:1763 normal SHIPPED_LIVE Moderate: qemu-kvm-rhev security update 2016-08-24 17:10:17 UTC

Description Prasad J Pandit 2016-05-30 17:36:23 UTC
Quick Emulator(Qemu) built with the Block driver for iSCSI images support
(virtio-blk) is vulnerable to a heap buffer overflow flaw. It could occur
while processing iSCSI asynchronous I/O ioctl(2) calls.

A user inside guest could use this flaw to crash the Qemu process resulting
in DoS OR potentially leverage it to execute arbitrary code with privileges
of the Qemu process on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/05/30/6

Comment 1 Prasad J Pandit 2016-05-30 17:38:28 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1340925]

Comment 5 Fedora Update System 2016-06-25 19:25:41 UTC
qemu-2.6.0-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 errata-xmlrpc 2016-08-11 19:08:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1606 https://rhn.redhat.com/errata/RHSA-2016-1606.html

Comment 11 errata-xmlrpc 2016-08-12 14:12:12 UTC
This issue has been addressed in the following products:

  RHEV-H and Agents for RHEL-7

Via RHSA-2016:1607 https://rhn.redhat.com/errata/RHSA-2016-1607.html

Comment 12 errata-xmlrpc 2016-08-23 06:14:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7

Via RHSA-2016:1655 https://rhn.redhat.com/errata/RHSA-2016-1655.html

Comment 13 errata-xmlrpc 2016-08-23 06:16:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2016:1654 https://rhn.redhat.com/errata/RHSA-2016-1654.html

Comment 14 errata-xmlrpc 2016-08-23 06:17:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2016:1653 https://rhn.redhat.com/errata/RHSA-2016-1653.html

Comment 15 errata-xmlrpc 2016-08-24 05:09:50 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2016:1756 https://rhn.redhat.com/errata/RHSA-2016-1756.html

Comment 16 errata-xmlrpc 2016-08-24 13:10:47 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2016:1763 https://rhn.redhat.com/errata/RHSA-2016-1763.html


Note You need to log in before you can comment on or make changes to this bug.