Bug 673108 (CVE-2018-20123) - <app-emulation/qemu-3.1.0: pvrdma: memory leakage in device hotplug
Summary: <app-emulation/qemu-3.1.0: pvrdma: memory leakage in device hotplug
Status: RESOLVED FIXED
Alias: CVE-2018-20123
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Low minor
Assignee: Gentoo Security
URL: https://seclists.org/oss-sec/2018/q4/235
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2018-15746 CVE-2018-19665
Reported: 2018-12-14 04:24 UTC by D'juan McDonald (domhnall)
Modified: 2019-03-10 06:18 UTC

See Also:
Package list:
app-emulation/qemu-3.1.0 app-emulation/qemu-guest-agent-3.1.0
Runtime testing required: ---
stable-bot: sanity-check+


Description D'juan McDonald (domhnall) 2018-12-14 04:24:33 UTC
A memory leakage issue was found in the way QEMU initialised VMware's paravirtual RDMA device. In the pvrdma_realize() routine, if an error occurred, it did not release memory resources allocated to various objects.


A guest user/process could use this flaw to leak host memory, resulting in DoS for host.


Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html



Gentoo Security Padawan
(domhnall)
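
The error-path leak class described above, as an added example that is neither QEMU's code nor the upstream patch: a realize-style routine allocates several objects and then fails late, and the test harness counts what repeated failed hotplug attempts leave behind with and without cleanup. All names (toy_dev, toy_realize, toy_fini, track_alloc, failed_hotplugs) and the buffer sizes are hypothetical, and the allocation counter stands in for host memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for illustration; none of these names are QEMU's. */
static long live_allocs;   /* objects currently held on the "host" */

static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

struct toy_dev { void *regs, *rings, *backend; };

static void toy_fini(struct toy_dev *d)
{
    track_free(d->backend); track_free(d->rings); track_free(d->regs);
    d->backend = d->rings = d->regs = NULL;
}

/* release_on_error = 0 reproduces the leak; 1 is the corrected error path. */
static int toy_realize(struct toy_dev *d, int backend_ok, int release_on_error)
{
    d->regs  = track_alloc(4096);
    d->rings = track_alloc(8192);
    if (!d->regs || !d->rings || !backend_ok)
        goto fail;                     /* late failure after two allocations */
    d->backend = track_alloc(256);
    if (!d->backend) goto fail;
    return 0;
fail:
    if (release_on_error) toy_fini(d); /* release everything acquired so far */
    return -1;
}

/* n hotplug attempts that all fail at realize; returns objects left behind. */
static long failed_hotplugs(int n, int release_on_error)
{
    long before = live_allocs;
    for (int i = 0; i < n; i++) {
        struct toy_dev d = {0};
        toy_realize(&d, 0, release_on_error);
    }
    return live_allocs - before;
}

int main(void)
{
    long leaky = failed_hotplugs(100, 0), fixed = failed_hotplugs(100, 1);
    printf("leaked without cleanup: %ld, with cleanup: %ld\n", leaky, fixed);
    return 0;
}
```

The leaked count grows linearly with the number of failed attempts, which is why a leak in a path that can be retriggered ends in host memory exhaustion.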
Comment 1 Larry the Git Cow gentoo-dev 2018-12-19 21:47:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40e4d2a3c32609b313962224ee9d2a96075734b8

commit 40e4d2a3c32609b313962224ee9d2a96075734b8
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-12-19 21:11:21 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-12-19 21:46:41 +0000

    app-emulation/qemu: version bump to 3.1.0
    
     - use RESTRICT=strip, bug #651422
    
     - switch to tar.xz, bug #666726
    
     - add missing use constraints, bug #664474
    
       qemu_softmmu_targets_riscv32? ( fdt )
       qemu_softmmu_targets_riscv64? ( fdt )
    
     - 3.1.0 already contains patches for CVE-2018-15746
    
     - applied patch for CVE-2018-20123
    
     - disable bt subsystem entirely as a "workaround" for CVE-2018-19665.
    
       Upstream deprecated the subsystem in November and states that it had
       been dysfunctional for years with likely no users.
    
    Bug: https://bugs.gentoo.org/664740
    Bug: https://bugs.gentoo.org/672346
    Bug: https://bugs.gentoo.org/673108
    Closes: https://bugs.gentoo.org/651422
    Closes: https://bugs.gentoo.org/664474
    Closes: https://bugs.gentoo.org/666726
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-3.1.0-CVE-2018-20123.patch     |  35 +
 app-emulation/qemu/files/qemu-binfmt.initd.head    |   2 +-
 app-emulation/qemu/qemu-2.12.0-r3.ebuild           |   2 +-
 app-emulation/qemu/qemu-2.12.1.ebuild              |   2 +-
 app-emulation/qemu/qemu-3.1.0.ebuild               | 821 +++++++++++++++++++++
 6 files changed, 860 insertions(+), 3 deletions(-)
Comment 2 Matthias Maier gentoo-dev 2019-01-05 20:10:54 UTC
Arches, please stabilize

  =app-emulation/qemu-3.1.0
  =app-emulation/qemu-guest-agent-3.1.0

Target-keywords: amd64, x86
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-01-06 12:26:18 UTC
amd64 stable
Comment 4 Thomas Deutschmann gentoo-dev Security 2019-01-07 00:17:12 UTC
x86 stable
Comment 5 Larry the Git Cow gentoo-dev 2019-02-19 00:19:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e67fc2d360f6924368ffdf10519f47bb35e16ab

commit 1e67fc2d360f6924368ffdf10519f47bb35e16ab
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-02-19 00:11:46 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-02-19 00:19:02 +0000

    app-emulation/qemu: drop vulnerable, bug #678302
    
    Bug: https://bugs.gentoo.org/672346
    Bug: https://bugs.gentoo.org/673108
    Bug: https://bugs.gentoo.org/678302
    Package-Manager: Portage-2.3.60, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest           |   2 -
 app-emulation/qemu/metadata.xml       |   2 -
 app-emulation/qemu/qemu-2.12.1.ebuild | 818 ----------------------------------
 3 files changed, 822 deletions(-)
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-10 06:18:36 UTC
GLSA Vote: No
Thank you all for your work.
Closing as [noglsa].