978158 – (CVE-2016-3710) VUL-0: CVE-2016-3710: kvm, qemu: Guest escape via qemu VGA module

Bug 978158 (CVE-2016-3710) - VUL-0: CVE-2016-3710: kvm, qemu: Guest escape via qemu VGA module

Summary: VUL-0: CVE-2016-3710: kvm, qemu: Guest escape via qemu VGA module

Status:	RESOLVED FIXED

Alias:	CVE-2016-3710

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Bruce Rogers
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2016-3710:3.5:(AV:L/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-05-03 07:26 UTC by Johannes Segitz
Modified:	2016-07-21 14:23 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-05-03 07:26:33 UTC

Created attachment 675283 [details]
Patch for CVE-2016-3710

CVE-2016-3710

Qemu VGA module allows banked access to video memory using the window at
0xa00000 and it supports different access modes with different address
calculations. A privileged guest user could use this flaw to exceed the
bank address window and write beyond the said memory area, potentially
leading to arbitrary code execution with privileges of the Qemu process on
a host. (Important)

This issue was discovered and reported by "Wei Xiao and Qinghao Tang of 360
Marvel Team" of 360.cn Inc.

CRD: 2016-05-09 12:00 UTC

Comment 1 Swamp Workflow Management 2016-05-03 22:00:11 UTC

bugbot adjusting priority

Comment 2 Johannes Segitz 2016-05-10 08:33:14 UTC

is public

Comment 3 Swamp Workflow Management 2016-06-13 11:14:20 UTC

SUSE-SU-2016:1560-1: An update that solves 37 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,895528,901508,928393,934069,940929,944463,947159,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5745,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12 (src):    qemu-2.0.2-48.19.1
SUSE Linux Enterprise Desktop 12 (src):    qemu-2.0.2-48.19.1

Comment 4 Swamp Workflow Management 2016-06-28 18:13:14 UTC

SUSE-SU-2016:1698-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-46.1

Comment 5 Swamp Workflow Management 2016-06-29 09:12:33 UTC

SUSE-SU-2016:1703-1: An update that solves 32 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,940929,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964411,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2015-5745,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2197,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-14.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-14.1

Comment 6 Swamp Workflow Management 2016-07-06 20:09:42 UTC

openSUSE-SU-2016:1750-1: An update that solves 32 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,940929,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964411,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2015-5745,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2197,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-15.1, qemu-linux-user-2.3.1-15.1, qemu-testsuite-2.3.1-15.2

Comment 7 Swamp Workflow Management 2016-07-11 14:45:43 UTC

SUSE-SU-2016:1785-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-44.1

Comment 8 Johannes Segitz 2016-07-21 14:23:28 UTC

fixed everywhere