Bug 1525195 (CVE-2017-15124) - CVE-2017-15124 Qemu: memory exhaustion through framebuffer update request message in VNC server
Status: CLOSED ERRATA
Alias: CVE-2017-15124
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1526238 1526239 1526240 1526247 1526248 1526249 1527385 1527386 1527401 1527403 1527404 1527405 1527406 1527407 1527408 1527409
Blocks: 1525198
Reported: 2017-12-12 18:24 UTC by Pedro Sampaio
Modified: 2021-02-17 01:06 UTC
Doc Type: Bug Fix
Doc Text:
The VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, the VNC server allocated a growing amount of memory to hold this data. A malicious remote VNC client could use this flaw to cause a denial of service (DoS) on the server host.
Last Closed: 2019-06-08 03:34:08 UTC
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2018:0816 | 0 | None | None | None | 2018-04-10 08:24:54 UTC
Red Hat Product Errata | RHSA-2018:1104 | 0 | None | None | None | 2018-04-10 18:59:56 UTC
Red Hat Product Errata | RHSA-2018:1113 | 0 | None | None | None | 2018-04-11 18:05:10 UTC
Red Hat Product Errata | RHSA-2018:3062 | 0 | None | None | None | 2018-10-30 07:28:30 UTC

Description Pedro Sampaio 2017-12-12 18:24:58 UTC
VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data.

A malicious VNC client could use this flaw to cause DoS on the remote server host.

Upstream fix(es):
-----------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03715.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03713.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03711.html

Thread:
-------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/12/19/4

Comment 1 Pedro Sampaio 2017-12-12 18:25:14 UTC
Acknowledgments:

Name: Daniel Berrange (Red Hat)

Comment 5 Prasad Pandit 2017-12-19 10:35:50 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1527386]


Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1527385]

Comment 15 errata-xmlrpc 2018-04-10 08:24:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:0816

Comment 16 errata-xmlrpc 2018-04-10 18:59:36 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for RHEL-7

Via RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1104

Comment 17 errata-xmlrpc 2018-04-11 18:04:56 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)
  Red Hat OpenStack Platform 11.0 (Ocata)
  Red Hat OpenStack Platform 8.0 (Liberty)
  Red Hat OpenStack Platform 9.0 (Mitaka)
  Red Hat OpenStack Platform 12.0 (Pike)

Via RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:1113

Comment 18 errata-xmlrpc 2018-10-30 07:28:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3062 https://access.redhat.com/errata/RHSA-2018:3062

