Bug 1810390 (CVE-2019-20382) - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
Summary: CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
Keywords:
Status: NEW
Alias: CVE-2019-20382
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1788421 1810391 1810408 1810409 1810410 1810411 1816763
Blocks: 1810201
TreeView+ depends on / blocked
 
Reported: 2020-03-05 06:50 UTC by Prasad J Pandit
Modified: 2020-03-24 16:51 UTC (History)
35 users (show)

Fixed In Version: qemu-4.2.0
Doc Type: If docs needed, set a value
Doc Text:
A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. An attacker able to connect to the VNC server could use this flaw to leak host memory, leading to a potential denial of service.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Prasad J Pandit 2020-03-05 06:50:03 UTC
A memory leakage flaw was found in the way VNC display driver of QEMU handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not free'd upon disconnection resulting in the said memory leakage issue. A user able to connect to the VNC server could use this flaw to leak host memory leading to a potential DoS scenario.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

Comment 1 Prasad J Pandit 2020-03-05 06:50:40 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1810391]

Comment 3 Mauro Matteo Cascella 2020-03-24 16:10:15 UTC
Statement:

This flaw did not affect the versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code.


Note You need to log in before you can comment on or make changes to this bug.