Summary: | <app-emulation/qemu-2.7.0: display: vmsvga: infinite loop in vmsvga_fifo_run() routine (CVE-2016-{4453,4454}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/05/30/2 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 592430 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2016-05-30 08:57:51 UTC
CVE-2016-4454 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4454): The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. CVE-2016-4453 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4453): The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. (In reply to GLSAMaker/CVETool Bot from comment #1) > CVE-2016-4454 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4454): > The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows > local guest OS administrators to obtain sensitive host memory information > or > cause a denial of service (QEMU process crash) by changing FIFO registers > and issuing a VGA command, which triggers an out-of-bounds read. > http://git.qemu.org/?p=qemu.git;a=commit;h=521360267876d3b6518b328051a2e56bca55bef8 > CVE-2016-4453 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4453): > The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows > local > guest OS administrators to cause a denial of service (infinite loop and > QEMU > process crash) via a VGA command. http://git.qemu.org/?p=qemu.git;a=commit;h=4e68a0ee17dad7b8d870df0081d4ab2e079016c2 Fixed in at least version 2.7.0. Stabilization of 2.7.0 in #592430 commit 671df1de7a8611d59307ffcd448af451c15003ed Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Sep 4 23:25:32 2016 -0500 app-emulation/qemu: version bump to 2.7.0, various security fixes 3af9187fc6caaf415ab9c0c6d92c9678f65cb17f -> CVE-2016-4001, bug #579734 3a15cc0e1ee7168db0782133d2607a6bfa422d66 -> CVE-2016-4002, bug #579734 c98c6c105f66f05aa0b7c1d2a4a3f716450907ef -> CVE-2016-4439, bug #583496 6c1fef6b59563cc415f21e03f81539ed4b33ad90 -> CVE-2016-4441, bug #583496 06630554ccbdd25780aa03c3548aaff1eb56dffd -> , bug #583952 844864fbae66935951529408831c2f22367a57b6 -> CVE-2016-5337, bug #584094 b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2 -> , bug #584102 1b85898025c4cd95dce673d15e67e60e98e91731 -> , bug #584146 521360267876d3b6518b328051a2e56bca55bef8 -> CVE-2016-4453, bug #584514 4e68a0ee17dad7b8d870df0081d4ab2e079016c2 -> CVE-2016-4454, bug #584514 a6b3167fa0e825aebb5a7cd8b437b6d41584a196 -> CVE-2016-5126, bug #584630 ff589551c8e8e9e95e211b9d8daafb4ed39f1aec -> CVE-2016-5338, bug #584918 d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a -> CVE-2016-5238, bug #584918 1e7aed70144b4673fc26e73062064b6724795e5f -> , bug #589924 afd9096eb1882f23929f5b5c177898ed231bac66 -> CVE-2016-5403, bug #589928 eb700029c7836798046191d62d595363d92c84d4 -> CVE-2016-6835, bug #591244 ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 -> CVE-2016-6834, bug #591374 6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 -> CVE-2016-6833, bug #591380 47882fa4975bf0b58dd74474329fdd7154e8f04c -> CVE-2016-6888, bug #591678 805b5d98c649d26fc44d2d7755a97f18e62b438a 56f101ecce0eafd09e2daf1c4eeb1377d6959261 fff39a7ad09da07ef490de05c92c91f22f8002f2 -> , bug #592430 Package-Manager: portage-2.2.28 Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight). |