Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 580040 (CVE-2016-4020) - <app-emulation/qemu-2.5.1: i386: leakage of stack memory to guest in kvmvapic.c
Summary: <app-emulation/qemu-2.5.1: i386: leakage of stack memory to guest in kvmvapic.c
Status: RESOLVED FIXED
Alias: CVE-2016-4020
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://lists.gnu.org/archive/html/qe...
Whiteboard: B4 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-15 07:01 UTC by Agostino Sarubbo
Modified: 2016-09-26 00:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-04-15 07:01:02 UTC
From ${URL} :

Qemu emulator built with the Task Priority Register(TPR) optimizations for 32-bit Windows guests, 
is vulnerable to a information leakage issue. It could
occur while accessing Task Priority Register(TPR).

A privileged user/process inside guest could use this issue to leak host memory bytes.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/04/14/3


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2016-04-23 20:30:12 UTC
included fix in qemu-2.5.1.  should be fine for stable.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-21 09:03:07 UTC
@maintainer(s), please cleanup the vulnerable versions:

app-emulation/qemu-2.5.0-{r2,r3}
Comment 3 Matthias Maier gentoo-dev 2016-09-05 05:35:00 UTC
commit 01e6cb9bcad3046a7223e31c4b533485d6ca0877
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sun Sep 4 22:58:05 2016 -0500

    app-emulation/qemu: remove vulnerable 2.5.0
    
    Package-Manager: portage-2.2.28
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2016-09-25 22:45:53 UTC
Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-09-26 00:36:39 UTC
This issue was resolved and addressed in
 GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01
by GLSA coordinator Yury German (BlueKnight).