[go: up one dir, main page]
Bug 957162 (CVE-2015-7512) - VUL-0: CVE-2015-7512: kvm, qemu: net: pcnet: buffer overflow in non-loopback mode
Summary: VUL-0: CVE-2015-7512: kvm, qemu: net: pcnet: buffer overflow in non-loopback ...
Status: RESOLVED FIXED
Alias: CVE-2015-7512
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Bruce Rogers
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/159213/
Whiteboard: CVSSv2:RedHat:CVE-2015-7512:7.6:(AV:N...
Keywords:
Depends on: 966639
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-30 13:54 UTC by Alexander Bergmann
Modified: 2016-10-19 10:25 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2015-11-30 13:54:49 UTC 
rh#1285061

The AMD PC-Net II emulator(hw/net/pcnet.c), while receiving packets from a
remote host(non-loopback mode), fails to validate the received data size,
thus resulting in a buffer overflow issue. It could potentially lead to
arbitrary code execution on the host, with privileges of the Qemu process.
It requires the guest NIC to have larger MTU limit.

A remote user could use this flaw to crash the guest instance resulting in DoS
or potentially execute arbitrary code on a remote host with privileges of the
Qemu process.

Upstream fix:
https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html

CVE-2015-7512 was assigned to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1285061
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7512
http://seclists.org/oss-sec/2015/q4/403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512
Comment 1 Swamp Workflow Management 2015-11-30 23:01:36 UTC 
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-01-04 13:12:41 UTC 
SUSE-SU-2016:0010-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 947164,950590,953187,956829,957162
CVE References: CVE-2015-7512,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-35.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kvm-1.4.2-35.1
Comment 3 Andreas Stieger 2016-01-05 10:31:45 UTC 
releasing SLE 12 update
Comment 4 Swamp Workflow Management 2016-01-05 14:12:07 UTC 
SUSE-SU-2016:0020-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 947164,950590,953187,956829,957162
CVE References: CVE-2015-7512,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Server 11-SP3 (src):    kvm-1.4.2-37.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    kvm-1.4.2-37.1
Comment 5 Swamp Workflow Management 2016-01-05 14:12:59 UTC 
SUSE-SU-2016:0021-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 947164,953187,956829,957162
CVE References: CVE-2015-7512,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Server 12 (src):    qemu-2.0.2-48.12.1
SUSE Linux Enterprise Desktop 12 (src):    qemu-2.0.2-48.12.1
Comment 6 Swamp Workflow Management 2016-02-15 18:11:54 UTC 
SUSE-SU-2016:0459-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 954864,956829,957162
CVE References: CVE-2015-7512,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-7.7
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-7.7
Comment 7 Swamp Workflow Management 2016-02-21 10:17:08 UTC 
openSUSE-SU-2016:0536-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 954864,956829,957162
CVE References: CVE-2015-7512,CVE-2015-8345
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-12.1, qemu-linux-user-2.3.1-12.1, qemu-testsuite-2.3.1-12.2
Comment 8 Swamp Workflow Management 2016-03-24 12:11:30 UTC 
SUSE-SU-2016:0873-1: An update that solves 43 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864769,864805,864811,877642,897654,901508,902737,924018,928393,945404,945989,954872,956829,957162,957698,957988,958007,958009,958491,958523,958917,959005,959332,959387,959695,960334,960707,960725,960835,960861,960862,961332,961358,961691,962320,963782,963923,964413,965315,965317,967012,967013,967969,969121,969122,969350
CVE References: CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    xen-4.5.2_06-7.1
SUSE Linux Enterprise Server 12-SP1 (src):    xen-4.5.2_06-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    xen-4.5.2_06-7.1
Comment 9 Swamp Workflow Management 2016-04-01 11:15:45 UTC 
openSUSE-SU-2016:0914-1: An update that solves 26 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864769,864805,877642,901508,902737,924018,928393,945404,945989,954872,956829,957162,957698,959332,959695,960334,960707,960725,960835,960861,961332,961358,961691,963782,963923,964413,967012,967013,967969
CVE References: CVE-2013-4533,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538
Sources used:
openSUSE Leap 42.1 (src):    xen-4.5.2_06-12.1

Product List: openSUSE Leap 42.1
Comment 10 Swamp Workflow Management 2016-04-05 15:11:12 UTC 
SUSE-SU-2016:0955-1: An update that solves 46 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864673,864678,864682,864769,864805,864811,877642,897654,901508,902737,924018,928393,945404,945989,954872,956829,957162,957988,958007,958009,958491,958523,958917,959005,959387,959695,959928,960334,960707,960725,960835,960861,960862,961332,961358,961691,962320,963782,963923,964413,965315,965317,967012,967013,967630,967969,969121,969122,969350
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_02-32.1
Comment 11 Swamp Workflow Management 2016-04-26 14:10:12 UTC 
SUSE-SU-2016:1154-1: An update that solves 26 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 864391,864655,864769,864805,864811,877642,897654,901508,902737,945989,957162,957988,958007,958009,958491,958523,959005,960707,960725,960861,960862,961691,963782,965315,965317,967013,967630,969350
CVE References: CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2015-5278,CVE-2015-7512,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8743,CVE-2015-8745,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    xen-4.1.6_08-26.1
Comment 12 Swamp Workflow Management 2016-07-06 09:13:58 UTC 
SUSE-SU-2016:1745-1: An update that solves 35 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864673,864678,864682,864769,864805,864811,877642,897654,901508,902737,928393,945404,945989,954872,956829,957162,957988,958007,958009,958491,958523,959005,959695,959928,960707,960725,960861,960862,961332,961691,963782,965315,965317,967012,967013,967630,967969,969350
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8743,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xen-4.2.5_20-24.9
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_20-24.9
Comment 13 Johannes Segitz 2016-07-21 15:49:00 UTC 
fixed everywhere