Bug 1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
Reported: 2016-12-12 16:31 UTC by Marcus Meissner
Modified: 2021-01-21 18:16 UTC

Description Marcus Meissner 2016-12-12 16:31:07 UTC
At least the division by 0 is present even in the oldest qemu.

+++ This bug was initially created as a clone of Bug #1014702 +++

Reference: http://seclists.org/oss-sec/2016/q4/634
===================================================
  Hello,

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA.

A privileged user inside the guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.


Upstream patch
--------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1334398

This issue was independently reported by Qinghao Tang, Li Qiang of Qihoo 360.cn Inc. and PSIRTeam of Huawei Inc.



Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F


===================================================
Comment 1 Swamp Workflow Management 2016-12-12 23:01:39 UTC
bugbot adjusting priority
Comment 2 Charles Arnold 2017-02-15 22:21:44 UTC
Submitted for,

Devel:Virt:SLE-11-SP1
Devel:Virt:SLE-11-SP3
Devel:Virt:SLE-11-SP4
Devel:Virt:SLE-12
Devel:Virt:SLE-12-SP1
Devel:Virt:SLE-12-SP2
Comment 3 Swamp Workflow Management 2017-02-16 03:50:37 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-02-23.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63427
Comment 4 Swamp Workflow Management 2017-02-27 17:11:57 UTC
SUSE-SU-2017:0570-1: An update that solves 13 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1000195,1002496,1013657,1013668,1014490,1014507,1015169,1016340,1022627,1022871,1023004,1024183,1024186,1024307,1024834,1025188
CVE References: CVE-2016-10155,CVE-2016-9101,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5579,CVE-2017-5856,CVE-2017-5898,CVE-2017-5973
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    xen-4.5.5_06-22.11.2
SUSE Linux Enterprise Server 12-SP1 (src):    xen-4.5.5_06-22.11.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    xen-4.5.5_06-22.11.2
Comment 5 Swamp Workflow Management 2017-02-27 17:15:01 UTC
SUSE-SU-2017:0571-1: An update that solves four vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1000195,1002496,1005028,1012651,1014298,1014300,1015169,1016340,1022871,1023004,1024834
CVE References: CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xen-4.7.1_06-31.1
SUSE Linux Enterprise Server 12-SP2 (src):    xen-4.7.1_06-31.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    xen-4.7.1_06-31.1
Comment 6 Swamp Workflow Management 2017-02-28 23:34:58 UTC
SUSE-SU-2017:0582-1: An update that solves 14 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1000195,1002496,1013657,1013668,1014490,1014507,1015169,1016340,1022627,1022871,1023004,1024183,1024186,1024307,1024834,1025188,907805
CVE References: CVE-2014-8106,CVE-2016-10155,CVE-2016-9101,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5579,CVE-2017-5856,CVE-2017-5898,CVE-2017-5973
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    xen-4.4.4_14-22.33.1
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_14-22.33.1
Comment 7 Swamp Workflow Management 2017-03-07 17:10:35 UTC
SUSE-SU-2017:0625-1: An update that solves 15 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1014702,1015169,1016779,1017081,1017084,1020491,1020589,1020928,1021129,1021195,1021481,1022541,1023004,1023053,1023073,1023907,1024972,1026583,977027
CVE References: CVE-2016-10028,CVE-2016-10029,CVE-2016-10155,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5552,CVE-2017-5578,CVE-2017-5667,CVE-2017-5856,CVE-2017-5857,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    qemu-2.6.2-41.9.1
SUSE Linux Enterprise Server 12-SP2 (src):    qemu-2.6.2-41.9.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    qemu-2.6.2-41.9.1
Comment 8 Bruce Rogers 2017-03-07 22:58:50 UTC
Fixed.
Comment 9 Swamp Workflow Management 2017-03-10 20:10:00 UTC
SUSE-SU-2017:0661-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1021129,1022541,1023004,1023053,1023907,1024972
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5667,CVE-2017-5856,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    qemu-2.0.2-48.31.1
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.31.1
Comment 10 Swamp Workflow Management 2017-03-11 14:08:51 UTC
openSUSE-SU-2017:0665-1: An update that solves four vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1000195,1002496,1005028,1012651,1014298,1014300,1015169,1016340,1022871,1023004,1024834
CVE References: CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620
Sources used:
openSUSE Leap 42.2 (src):    xen-4.7.1_06-9.2
Comment 11 Swamp Workflow Management 2017-03-16 17:08:26 UTC
openSUSE-SU-2017:0707-1: An update that solves 15 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1014702,1015169,1016779,1017081,1017084,1020491,1020589,1020928,1021129,1021195,1021481,1022541,1023004,1023053,1023073,1023907,1024972,1026583,977027
CVE References: CVE-2016-10028,CVE-2016-10029,CVE-2016-10155,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5552,CVE-2017-5578,CVE-2017-5667,CVE-2017-5856,CVE-2017-5857,CVE-2017-5898
Sources used:
openSUSE Leap 42.2 (src):    qemu-2.6.2-29.4, qemu-linux-user-2.6.2-29.1, qemu-testsuite-2.6.2-29.8
Comment 12 Swamp Workflow Management 2017-03-17 11:11:29 UTC
SUSE-SU-2017:0718-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1002496,1012651,1013657,1013668,1014298,1014507,1015169,1016340,1022871,1023004,1024183,1024834,907805
CVE References: CVE-2014-8106,CVE-2016-10013,CVE-2016-10024,CVE-2016-10155,CVE-2016-9101,CVE-2016-9776,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2016-9932,CVE-2017-2615,CVE-2017-2620
Sources used:
SUSE OpenStack Cloud 5 (src):    xen-4.2.5_21-35.1
SUSE Manager Proxy 2.1 (src):    xen-4.2.5_21-35.1
SUSE Manager 2.1 (src):    xen-4.2.5_21-35.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xen-4.2.5_21-35.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-35.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_21-35.1
Comment 13 Swamp Workflow Management 2017-04-28 19:12:20 UTC
SUSE-SU-2017:1135-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1021129,1023004,1023053,1023907,1024972
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5856,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-59.1
Comment 14 Swamp Workflow Management 2017-05-11 13:10:28 UTC
SUSE-SU-2017:1241-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1020491,1020589,1020928,1021129,1022541,1023004,1023053,1023907,1024972,937125
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5667,CVE-2017-5856,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-32.11
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-32.11
Comment 15 Swamp Workflow Management 2017-05-16 19:11:02 UTC
openSUSE-SU-2017:1312-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1020491,1020589,1020928,1021129,1022541,1023004,1023053,1023907,1024972,937125
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5667,CVE-2017-5856,CVE-2017-5898
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-25.1, qemu-linux-user-2.3.1-25.1, qemu-testsuite-2.3.1-25.1