EulerOS 2.0 SP9 : qemu (EulerOS-SA-2021-1275)

medium Nessus Plugin ID 146243

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

- In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.(CVE-2020-12829)

- hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.(CVE-2020-25624)

- A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.(CVE-2020-25723)

- hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.(CVE-2020-25625)

- hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.(CVE-2020-28916)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected qemu packages.

See Also

http://www.nessus.org/u?eaa0c799

Plugin Details

Severity: Medium

ID: 146243

File Name: EulerOS_SA-2021-1275.nasl

Version: 1.4

Type: local

Published: 2/5/2021

Updated: 1/23/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-25624

CVSS v3

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.5

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:qemu-img, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/5/2021

Reference Information

CVE: CVE-2020-12829, CVE-2020-25624, CVE-2020-25625, CVE-2020-25723, CVE-2020-28916