Detections
Analytics
Debian DLA-2373-1 : qemu security update
medium Nessus Plugin ID 140541
Language:
Synopsis
The remote Debian host is missing a security update.Description
The following security issues have been found in qemu, which could potentially result in DoS and execution of arbitrary code.CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
CVE-2020-13253
An out-of-bounds read access issue was found in the SD Memory Card emulator of the QEMU. It occurs while performing block write commands via sdhci_write(), if a guest user has sent 'address' which is OOB of 's->wp_groups'. A guest user/process may use this flaw to crash the QEMU process resulting in DoS.
CVE-2020-14364
An out-of-bounds read/write access issue was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest, when 'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in do_token_{in,out} routines.
CVE-2020-16092
An assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c
For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u11.
We recommend that you upgrade your qemu packages.
For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.See Also
https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html
https://packages.debian.org/source/stretch/qemu
https://security-tracker.debian.org/tracker/source-package/qemu
Plugin Details
Severity: Medium
ID: 140541
File Name: debian_DLA-2373.nasl
Version: 1.5
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 9/14/2020
Updated: 2/20/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.9
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2020-1711
CVSS v3
Risk Factor: Medium
Base Score: 6
Temporal Score: 5.2
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:qemu-utils, p-cpe:/a:debian:debian_linux:qemu-user, p-cpe:/a:debian:debian_linux:qemu-system-sparc, p-cpe:/a:debian:debian_linux:qemu-system-x86, p-cpe:/a:debian:debian_linux:qemu-system-mips, p-cpe:/a:debian:debian_linux:qemu-user-binfmt, p-cpe:/a:debian:debian_linux:qemu-block-extra, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:qemu-system, p-cpe:/a:debian:debian_linux:qemu-user-static, p-cpe:/a:debian:debian_linux:qemu-system-ppc, p-cpe:/a:debian:debian_linux:qemu-system-common, p-cpe:/a:debian:debian_linux:qemu-kvm, p-cpe:/a:debian:debian_linux:qemu-guest-agent, p-cpe:/a:debian:debian_linux:qemu-system-misc, p-cpe:/a:debian:debian_linux:qemu, p-cpe:/a:debian:debian_linux:qemu-system-arm
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 9/13/2020
Vulnerability Publication Date: 2/11/2020
Reference Information
CVE: CVE-2020-13253, CVE-2020-14364, CVE-2020-16092, CVE-2020-1711
IAVB: 2020-B-0063-S