Bug 1794290 (CVE-2020-1711) - CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
Summary: CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response ...
Keywords:
Status: NEW
Alias: CVE-2020-1711
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1794494 1794498 1794499 1794500 1794501 1794502 1794503 1794504 1794505 1794514 1794515 1794524 1794587 1798013 1798014 1798015 1798018 1798019 1798020 1798024 1798025 1798017 1798021 1798022 1798023
Blocks: 1792846
Reported: 2020-01-23 08:11 UTC by Prasad J Pandit
Modified: 2020-02-13 21:05 UTC

Fixed In Version: QEMU 4.2.1
Doc Type: Bug Fix
Doc Text:
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
Clone Of:
Environment:
Last Closed:



Description Prasad J Pandit 2020-01-23 08:11:12 UTC
An out-of-bounds heap buffer access issue was found in the way iSCSI Block driver
in QEMU handled response coming from an iSCSI server, while checking
status of a Logical Address Block (LBA) in iscsi_co_block_status() routine.

A remote user could use this flaw to crash the QEMU process resulting in DoS OR
potentially execute arbitrary code with privileges of the QEMU process on the
host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/01/23/3
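
A simplified model of the defensive check this class of flaw calls for, added here as an example and not QEMU's code or the upstream patch. It assumes the unexpected response is a block-status extent longer than the one requested, and every struct and function name below is hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified model (not QEMU's code): one bit per block,
 * heap-allocated for a LUN of `nblocks` blocks. */
struct lun {
    uint64_t nblocks;
    uint8_t *allocmap;          /* (nblocks + 7) / 8 bytes */
};

/* Constructed stand-in for a server's block-status descriptor. */
struct status_reply {
    uint64_t lba;               /* first block the server describes */
    uint64_t num_blocks;        /* extent length, server-controlled */
    int allocated;
};

int lun_init(struct lun *l, uint64_t nblocks) {
    l->nblocks = nblocks;
    l->allocmap = calloc((nblocks + 7) / 8, 1);
    return l->allocmap ? 0 : -1;
}

/* Apply a reply to the map for a request covering [req_lba, req_lba+req_len).
 * Returns the number of blocks recorded, or -1 if the reply is rejected. */
int64_t apply_status(struct lun *l, uint64_t req_lba, uint64_t req_len,
                     const struct status_reply *r) {
    /* The request itself must lie inside the LUN (overflow-safe form). */
    if (req_lba >= l->nblocks || req_len > l->nblocks - req_lba)
        return -1;
    /* The reply must describe the block that was asked about. */
    if (r->lba != req_lba)
        return -1;
    /* Cap the server-supplied extent to what was requested; without this,
     * the loop below indexes past the end of allocmap. */
    uint64_t n = r->num_blocks;
    if (n > req_len)
        n = req_len;
    for (uint64_t b = req_lba; b < req_lba + n; b++) {
        if (r->allocated)
            l->allocmap[b / 8] |= (uint8_t)(1u << (b % 8));
        else
            l->allocmap[b / 8] &= (uint8_t)~(1u << (b % 8));
    }
    return (int64_t)n;
}
```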

Comment 2 Prasad J Pandit 2020-01-23 17:36:32 UTC
Acknowledgments:

Name: Felipe Franciosi (nutanix.com), Raphael Norwitz (nutanix.com), Peter Turschmid (nutanix.com)

Comment 3 Prasad J Pandit 2020-01-23 17:36:55 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1794494]

Comment 6 Prasad J Pandit 2020-01-23 18:30:18 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1794524]

Comment 7 Prasad J Pandit 2020-01-23 18:34:22 UTC
Statement:

This issue affects the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8.

Comment 8 spower 2020-02-03 14:35:31 UTC
Hi, do we have an update on this issue? It will affect our container grades. Is someone actively working on a fix?

