| Summary: | <app-emulation/xen-4.13.1-r3: Out of bounds read/write in USB emulation (CVE-2020-14364) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | ajak, hydrapolic, mgorny, proxy-maint, xen |
| Priority: | Normal | Flags: | nattka:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: |
https://github.com/gentoo/gentoo/pull/17384 https://bugs.gentoo.org/show_bug.cgi?id=744202 |
||
| Whiteboard: | B1 [glsa+] | ||
| Package list: |
app-emulation/xen-4.13.1-r3 amd64
app-emulation/xen-pvgrub-4.13.1
app-emulation/xen-tools-4.13.1-r3
|
Runtime testing required: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 694800 | ||
ping The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8e9934490fa854d278ff7f97d5308aeeb30b391 commit c8e9934490fa854d278ff7f97d5308aeeb30b391 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2020-09-02 10:56:35 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-09-12 18:32:15 +0000 app-emulation/xen-tools: add upstream and security patches Bug: https://bugs.gentoo.org/738040 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> app-emulation/xen-tools/Manifest | 5 +- app-emulation/xen-tools/xen-tools-4.12.3-r3.ebuild | 501 +++++++++++++++++++++ ...4.13.1-r2.ebuild => xen-tools-4.13.1-r3.ebuild} | 7 +- ...ls-4.14.0.ebuild => xen-tools-4.14.0-r1.ebuild} | 7 +- 4 files changed, 513 insertions(+), 7 deletions(-) Please stable 4.12.3-r3 when ready. Unable to check for sanity:
> dependent bug #735214 has errors
Let's stabilize 4.13 instead. All sanity-check issues have been resolved *** Bug 735214 has been marked as a duplicate of this bug. *** x86 stable amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5ea55353ef99ee903abf4d9594553b0662f6ad8 commit b5ea55353ef99ee903abf4d9594553b0662f6ad8 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-09-19 07:27:49 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-09-19 08:04:34 +0000 app-emulation/xen: Remove old Bug: https://bugs.gentoo.org/738040 Signed-off-by: Michał Górny <mgorny@gentoo.org> app-emulation/xen/Manifest | 3 - app-emulation/xen/xen-4.12.3-r2.ebuild | 165 --------------------------------- app-emulation/xen/xen-4.12.3-r3.ebuild | 165 --------------------------------- 3 files changed, 333 deletions(-) This issue was resolved and addressed in GLSA 202009-14 at https://security.gentoo.org/glsa/202009-14 by GLSA coordinator Sam James (sam_c). |
ISSUE DESCRIPTION ================= An out-of-bounds read/write access issue was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest, when 'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in do_token_{in,out} routines. IMPACT ====== A guest user may use this flaw to crash the QEMU process resulting in DoS OR potentially execute arbitrary code with the privileges of the QEMU process on the host. VULNERABLE SYSTEMS ================== The Xen security team are still analysing the extent of the vulnerable systems. An update will be sent out when we are more certain. It is currently believed to be any x86 HVM guest, with any version of qemu-upstream or qemu-traditional. MITIGATION ========== No mitigation is available.