Bug 1794290 (CVE-2020-1711) - CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
Summary: CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1711
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1794494 1794498 1794499 1794500 1794501 1794502 1794503 1794504 1794505 1794514 1794515 1794524 1794587 1798013 1798014 1798015 1798017 1798018 1798019 1798020 1798021 1798022 1798023 1798024 1798025
Blocks: 1792846
 
Reported: 2020-01-23 08:11 UTC by Prasad J Pandit
Modified: 2020-07-15 11:47 UTC

Fixed In Version: QEMU 4.2.1
Doc Type: Bug Fix
Doc Text:
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
Clone Of:
Environment:
Last Closed: 2020-03-03 22:32:27 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0669 None None None 2020-03-03 15:18:18 UTC
Red Hat Product Errata RHSA-2020:0730 None None None 2020-03-05 15:04:57 UTC
Red Hat Product Errata RHSA-2020:0731 None None None 2020-03-05 15:38:16 UTC
Red Hat Product Errata RHSA-2020:0773 None None None 2020-03-10 10:38:20 UTC
Red Hat Product Errata RHSA-2020:1150 None None None 2020-03-31 19:28:20 UTC
Red Hat Product Errata RHSA-2020:1216 None None None 2020-03-31 14:34:58 UTC
Red Hat Product Errata RHSA-2020:1296 None None None 2020-04-02 10:02:04 UTC
Red Hat Product Errata RHSA-2020:1300 None None None 2020-04-02 10:26:31 UTC
Red Hat Product Errata RHSA-2020:1352 None None None 2020-04-07 10:28:23 UTC
Red Hat Product Errata RHSA-2020:1358 None None None 2020-04-07 14:11:31 UTC
Red Hat Product Errata RHSA-2020:1505 None None None 2020-04-21 09:06:55 UTC
Red Hat Product Errata RHSA-2020:2472 None None None 2020-06-10 09:25:34 UTC

Description Prasad J Pandit 2020-01-23 08:11:12 UTC
An out-of-bounds heap buffer access issue was found in the way the iSCSI Block driver
in QEMU handled a response coming from an iSCSI server, while checking the
status of a Logical Address Block (LBA) in the iscsi_co_block_status() routine.

A remote user could use this flaw to crash the QEMU process, resulting in DoS, or
potentially execute arbitrary code with privileges of the QEMU process on the
host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/01/23/3

Comment 2 Prasad J Pandit 2020-01-23 17:36:32 UTC
Acknowledgments:

Name: Felipe Franciosi (nutanix.com), Raphael Norwitz (nutanix.com), Peter Turschmid (nutanix.com)

Comment 3 Prasad J Pandit 2020-01-23 17:36:55 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1794494]

Comment 6 Prasad J Pandit 2020-01-23 18:30:18 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1794524]

Comment 7 Prasad J Pandit 2020-01-23 18:34:22 UTC
Statement:

This issue affects the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8.

Comment 8 spower 2020-02-03 14:35:31 UTC
Hi, do we have an update on this issue, as it will affect our container grades? Is someone actively working on a fix?

Comment 11 errata-xmlrpc 2020-03-03 15:18:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:0669 https://access.redhat.com/errata/RHSA-2020:0669

Comment 12 Product Security DevOps Team 2020-03-03 22:32:27 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1711

Comment 13 errata-xmlrpc 2020-03-05 15:04:54 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.2

Via RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0730

Comment 14 errata-xmlrpc 2020-03-05 15:38:14 UTC
This issue has been addressed in the following products:

  Advanced Virtualization for RHEL 8.1.1

Via RHSA-2020:0731 https://access.redhat.com/errata/RHSA-2020:0731

Comment 15 errata-xmlrpc 2020-03-10 10:38:16 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS

Via RHSA-2020:0773 https://access.redhat.com/errata/RHSA-2020:0773

Comment 16 errata-xmlrpc 2020-03-31 14:34:50 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3

Via RHSA-2020:1216 https://access.redhat.com/errata/RHSA-2020:1216

Comment 17 errata-xmlrpc 2020-03-31 19:28:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1150 https://access.redhat.com/errata/RHSA-2020:1150

Comment 19 errata-xmlrpc 2020-04-02 10:01:54 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2020:1296 https://access.redhat.com/errata/RHSA-2020:1296

Comment 20 errata-xmlrpc 2020-04-02 10:26:24 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2020:1300 https://access.redhat.com/errata/RHSA-2020:1300

Comment 21 errata-xmlrpc 2020-04-07 10:27:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:1352 https://access.redhat.com/errata/RHSA-2020:1352

Comment 22 errata-xmlrpc 2020-04-07 14:11:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1358 https://access.redhat.com/errata/RHSA-2020:1358

Comment 24 errata-xmlrpc 2020-04-21 09:06:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:1505 https://access.redhat.com/errata/RHSA-2020:1505

Comment 25 errata-xmlrpc 2020-06-10 09:25:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2472 https://access.redhat.com/errata/RHSA-2020:2472

