Bug 1021129 - (CVE-2016-10155) VUL-0: CVE-2016-10155: kvm: qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Bruce Rogers
Security Team bot
. CVSSv2:NVD:CVE-2016-10155:4.9:(AV:L...
Reported: 2017-01-20 15:34 UTC by Mikhail Kasimov
Modified: 2019-08-16 15:23 UTC

Description Mikhail Kasimov 2017-01-20 15:34:46 UTC
Ref: http://seclists.org/oss-sec/2017/q1/155
==============================================
  Hello,

Quick Emulator (Qemu) built with the virtual hardware watchdog 'wdt_i6300esb' support is vulnerable to a memory leakage issue. It could occur while doing a device unplug operation; doing so repeatedly would result in leaking host memory, affecting other services on the host.


A privileged user inside guest could use this flaw to cause a DoS and/or potentially crash the Qemu process on the host.


Upstream patch:
---------------
  -> https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1415199

This issue was reported by Mr Li Qiang of 360.cn Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
==============================================
Comment 1 Swamp Workflow Management 2017-01-20 23:01:06 UTC
bugbot adjusting priority
Comment 3 Bruce Rogers 2017-02-16 14:58:33 UTC
11-SP4 and previous don't allow unplug for this device (and hence repeated plug/unplug), so no DoS possible there.
Comment 6 Bruce Rogers 2017-02-16 16:48:30 UTC
(In reply to Bruce Rogers from comment #3)
> 11-SP4 and previous don't allow unplug for this device (and hence repeated
> plug/unplug), so no DoS possible there.

For the public record:
Oops - I made a mistake with an assumption here - this is not true. I'll get this fixed for 11SP3/4.
Comment 8 Swamp Workflow Management 2017-03-07 17:11:45 UTC
SUSE-SU-2017:0625-1: An update that solves 15 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1014702,1015169,1016779,1017081,1017084,1020491,1020589,1020928,1021129,1021195,1021481,1022541,1023004,1023053,1023073,1023907,1024972,1026583,977027
CVE References: CVE-2016-10028,CVE-2016-10029,CVE-2016-10155,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5552,CVE-2017-5578,CVE-2017-5667,CVE-2017-5856,CVE-2017-5857,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    qemu-2.6.2-41.9.1
SUSE Linux Enterprise Server 12-SP2 (src):    qemu-2.6.2-41.9.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    qemu-2.6.2-41.9.1
Comment 9 Bruce Rogers 2017-03-07 22:47:44 UTC
Fixed.
Comment 10 Bruce Rogers 2017-03-07 22:48:14 UTC
Now marked fixed.
Comment 11 Swamp Workflow Management 2017-03-10 20:10:21 UTC
SUSE-SU-2017:0661-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1021129,1022541,1023004,1023053,1023907,1024972
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5667,CVE-2017-5856,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    qemu-2.0.2-48.31.1
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.31.1
Comment 12 Swamp Workflow Management 2017-03-16 17:09:30 UTC
openSUSE-SU-2017:0707-1: An update that solves 15 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1014702,1015169,1016779,1017081,1017084,1020491,1020589,1020928,1021129,1021195,1021481,1022541,1023004,1023053,1023073,1023907,1024972,1026583,977027
CVE References: CVE-2016-10028,CVE-2016-10029,CVE-2016-10155,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5552,CVE-2017-5578,CVE-2017-5667,CVE-2017-5856,CVE-2017-5857,CVE-2017-5898
Sources used:
openSUSE Leap 42.2 (src):    qemu-2.6.2-29.4, qemu-linux-user-2.6.2-29.1, qemu-testsuite-2.6.2-29.8
Comment 14 Marcus Meissner 2017-04-12 09:12:29 UTC
please check
Comment 15 Bruce Rogers 2017-04-12 13:16:09 UTC
(In reply to Marcus Meissner from comment #14)
> please check

Yes, this was an error. Not quite sure how it happened. The 2nd call should have been to qemu_free_timer. Shall I resubmit the MR with this change only?
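
The leak from the description and the `qemu_free_timer` call this comment refers to, as a small C model (added example, not QEMU or SUSE code). `WdtModel`, `model_timer_*`, the three `wdt_exit_*` variants and `leaked_after` are hypothetical names; the disarm-only variant is constructed for illustration and is not taken from the merge request.

```c
#include <stdlib.h>

/* Stand-ins for QEMU's timer calls. Hypothetical names: the real ones are
 * timer_del/timer_free (qemu_del_timer/qemu_free_timer in older trees). */
typedef struct ModelTimer { int armed; struct ModelTimer *next; } ModelTimer;
static ModelTimer *live;            /* every timer allocated and not yet freed */

static ModelTimer *model_timer_new(void) {
    ModelTimer *t = calloc(1, sizeof(*t));
    if (t) { t->next = live; live = t; }
    return t;
}
static void model_timer_del(ModelTimer *t) { t->armed = 0; }   /* disarm only */
static void model_timer_free(ModelTimer *t) {
    for (ModelTimer **p = &live; *p; p = &(*p)->next)
        if (*p == t) { *p = t->next; break; }
    free(t);
}

typedef struct WdtModel { ModelTimer *timer; } WdtModel;   /* device state */
typedef void (*exit_fn)(WdtModel *);

/* Hot-plug path: allocate and arm the watchdog timer. */
static int wdt_realize(WdtModel *d) {
    if (!(d->timer = model_timer_new())) return -1;
    d->timer->armed = 1;
    return 0;
}
/* No teardown at all: nothing releases the timer on unplug. */
void wdt_exit_missing(WdtModel *d) { (void)d; }
/* Incomplete teardown (constructed variant): disarms but never frees. */
void wdt_exit_del_only(WdtModel *d) { model_timer_del(d->timer); }
/* Complete teardown: disarm, free, clear the stale pointer. */
void wdt_exit_fixed(WdtModel *d) {
    model_timer_del(d->timer);
    model_timer_free(d->timer);
    d->timer = NULL;
}

/* Plug and unplug `cycles` times; return how many timers were left behind. */
long leaked_after(exit_fn teardown, int cycles) {
    long leaked = 0;
    for (int i = 0; i < cycles; i++) {
        WdtModel d = {0};
        if (wdt_realize(&d) != 0) break;
        teardown(&d);               /* device state is discarded after this */
    }
    /* Sweep the registry so the model itself does not leak. */
    while (live) { ModelTimer *t = live; live = t->next; free(t); leaked++; }
    return leaked;
}
```

Calling `leaked_after` with each teardown shows that disarming a timer does not release it: only the variant that also frees the timer leaves nothing behind after repeated plug/unplug cycles.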
Comment 16 Marcus Meissner 2017-04-12 13:20:30 UTC
yes please
Comment 19 Bruce Rogers 2017-04-19 16:17:01 UTC
the following submissions have just been done:
SLE11-SP4 kvm MR#131505
SLE11-SP3 kvm MR#131506
Comment 20 Swamp Workflow Management 2017-04-28 19:12:39 UTC
SUSE-SU-2017:1135-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1021129,1023004,1023053,1023907,1024972
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5856,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-59.1
Comment 21 Swamp Workflow Management 2017-05-11 13:11:06 UTC
SUSE-SU-2017:1241-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1020491,1020589,1020928,1021129,1022541,1023004,1023053,1023907,1024972,937125
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5667,CVE-2017-5856,CVE-2017-5898
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-32.11
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-32.11
Comment 22 Swamp Workflow Management 2017-05-16 19:11:43 UTC
openSUSE-SU-2017:1312-1: An update that solves 13 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1015169,1016779,1020491,1020589,1020928,1021129,1022541,1023004,1023053,1023907,1024972,937125
CVE References: CVE-2016-10155,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-2615,CVE-2017-2620,CVE-2017-5525,CVE-2017-5526,CVE-2017-5667,CVE-2017-5856,CVE-2017-5898
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-25.1, qemu-linux-user-2.3.1-25.1, qemu-testsuite-2.3.1-25.1
Comment 23 Swamp Workflow Management 2017-11-24 20:13:36 UTC
SUSE-SU-2017:3084-1: An update that solves 33 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1016779,1020427,1021129,1021741,1023004,1023053,1023907,1024972,1025109,1028184,1028656,1030624,1031051,1034044,1034866,1034908,1035406,1035950,1037242,1038396,1039495,1042159,1042800,1042801,1043296,1045035,1046636,1047674,1048902,1049381,1049785,1056334,1057585,1062069,1063122
CVE References: CVE-2016-10155,CVE-2016-9602,CVE-2016-9603,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-2615,CVE-2017-2620,CVE-2017-5579,CVE-2017-5856,CVE-2017-5898,CVE-2017-5973,CVE-2017-6505,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8309,CVE-2017-9330,CVE-2017-9373,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-53.11.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kvm-1.4.2-53.11.1
Comment 24 Johannes Segitz 2018-02-15 10:51:13 UTC
fixed