RHEL 6 : qemu-kvm (RHSA-2017:1206)

critical Nessus Plugin ID 100092

Synopsis

The remote Red Hat host is missing one or more security updates for qemu-kvm.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1206 advisory.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
(CVE-2016-9603)

* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds memory access issue was found in QEMU's VNC display driver support. The vulnerability could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user/process inside a guest could use this flaw to crash the QEMU process, resulting in a denial of service. (CVE-2017-2633)

* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc.) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc.) for reporting CVE-2017-7718.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL qemu-kvm package based on the guidance in RHSA-2017:1206.

See Also

http://www.nessus.org/u?35612396

https://access.redhat.com/errata/RHSA-2017:1206

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1400438

https://bugzilla.redhat.com/show_bug.cgi?id=1425939

https://bugzilla.redhat.com/show_bug.cgi?id=1430056

https://bugzilla.redhat.com/show_bug.cgi?id=1437060

https://bugzilla.redhat.com/show_bug.cgi?id=1443441

https://bugzilla.redhat.com/show_bug.cgi?id=1444371

Plugin Details

Severity: Critical

ID: 100092

File Name: redhat-RHSA-2017-1206.nasl

Version: 3.13

Type: local

Agent: unix

Published: 5/10/2017

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2016-9603

CVSS v3

Risk Factor: Critical

Base Score: 9.9

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:qemu-img, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools, p-cpe:/a:redhat:enterprise_linux:qemu-kvm

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2017

Vulnerability Publication Date: 4/20/2017

Reference Information

CVE: CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980

CWE: 120, 122, 125, 787

RHSA: 2017:1206