Quick Emulator(Qemu) built with the I/O channels websockets support is vulnerable to a memory leakage issue. It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a DoS on the host and/or potentially crash the Qemu process instance on the host. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html References: ----------- -> https://bugs.launchpad.net/bugs/1718964 -> http://www.openwall.com/lists/oss-security/2017/10/12/4
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1496882] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1496881]
Closing as wontfix. OSP12 should consume from platform and will take the packages, fixed or not from there. Reasoning: Openstack uses websockify.py to provide the websockets for the vnc console (as consumed by novnc in dashboard). The default qemu command, as run by OpenStack is as follows: "/usr/libexec/qemu-kvm -name ..... -vnc 0.0.0.0:0 ..... -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on" The bug is in the websocket portion of vnc provided by qemu, which is not used by OpenStack by default.
*** Bug 1500749 has been marked as a duplicate of this bug. ***
*** Bug 1500751 has been marked as a duplicate of this bug. ***
At first, we thought the bug is in QEMU's websocket code, so we tried to use a standalone websocket proxy (websockify). Unfortunately, problems persisted. We also tried various other VNC servers (with websockify), all of them works fine. It seems that the underlying problem is in the QEMU's VNC/RFB implementation. Therefore, if you use OpenStack, you will also experience memory exhaustion on the controller node(which nova-novncproxy/websockify runs on by default).
qemu-2.9.1-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
qemu-2.10.1-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:0816
This issue has been addressed in the following products: Red Hat Virtualization 4 for RHEL-7 Via RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1104