RHEL 7 : qemu-kvm-rhev (RHSA-2017:2408)

medium Nessus Plugin ID 210314

Synopsis

The remote Red Hat host is missing one or more security updates for qemu-kvm-rhev.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2408 advisory.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null- pointer dereference issue. The flaw could occur when releasing a client that was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server (denial of service). (CVE-2017-9524)

* An information-exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)

* A memory-leak flaw was found in the Quick Emulator (QEMU) built with USB xHCI controller emulation support. The flaw could occur while doing a USB-device unplug operation. Unplugging the device repeatedly resulted in leaking host memory, which affected other services on the host. A privileged user inside the guest could exploit this flaw to cause a denial of service on the host or potentially crash the host's QEMU process instance. (CVE-2016-7466)

* Multiple CVEs were fixed as a result of rebase to QEMU 2.9.0. (CVE-2016-6888, CVE-2016-7422, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2016-10155, CVE-2017-5579, CVE-2017-5973, CVE-2017-6414, CVE-2017-8309, CVE-2017-8379, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375)

Red Hat would like to thank Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020; Li Qiang (Qihoo 360 Inc.) for reporting CVE-2016-6888; Qinghao Tang (Marvel Team 360.cn Inc.) and Zhenhao Hong (Marvel Team 360.cn Inc.) for reporting CVE-2016-7422; Li Qiang (360.cn Inc.) for reporting CVE-2016-7466, CVE-2016-10155, CVE-2017-5579, CVE-2017-5973, and CVE-2017-6414; PSIRT (Huawei Inc.) for reporting CVE-2016-8669; Andrew Henderson (Intelligent Automation Inc.) for reporting CVE-2016-8910; Qinghao Tang (Qihoo 360), Li Qiang (Qihoo 360), and Jiangxin (Huawei Inc.) for reporting CVE-2016-9921 and CVE-2016-9922; Jiang Xin (PSIRT, Huawei Inc.) for reporting CVE-2017-8309 and CVE-2017-8379; and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, and CVE-2017-9375.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL qemu-kvm-rhev package based on the guidance in RHSA-2017:2408.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1369031

https://bugzilla.redhat.com/show_bug.cgi?id=1376755

https://bugzilla.redhat.com/show_bug.cgi?id=1377837

https://bugzilla.redhat.com/show_bug.cgi?id=1384909

https://bugzilla.redhat.com/show_bug.cgi?id=1388046

https://bugzilla.redhat.com/show_bug.cgi?id=1388052

https://bugzilla.redhat.com/show_bug.cgi?id=1402265

https://bugzilla.redhat.com/show_bug.cgi?id=1402272

https://bugzilla.redhat.com/show_bug.cgi?id=1415199

https://bugzilla.redhat.com/show_bug.cgi?id=1416157

https://bugzilla.redhat.com/show_bug.cgi?id=1421626

https://bugzilla.redhat.com/show_bug.cgi?id=1427833

https://bugzilla.redhat.com/show_bug.cgi?id=1446517

https://bugzilla.redhat.com/show_bug.cgi?id=1446547

https://bugzilla.redhat.com/show_bug.cgi?id=1452620

https://bugzilla.redhat.com/show_bug.cgi?id=1458270

https://bugzilla.redhat.com/show_bug.cgi?id=1458744

https://bugzilla.redhat.com/show_bug.cgi?id=1459132

https://bugzilla.redhat.com/show_bug.cgi?id=1459661

https://bugzilla.redhat.com/show_bug.cgi?id=1459663

https://bugzilla.redhat.com/show_bug.cgi?id=1459664

https://bugzilla.redhat.com/show_bug.cgi?id=1459666

https://bugzilla.redhat.com/show_bug.cgi?id=1459667

https://bugzilla.redhat.com/show_bug.cgi?id=1459668

https://bugzilla.redhat.com/show_bug.cgi?id=1460170

http://www.nessus.org/u?2d6dbdb2

https://access.redhat.com/errata/RHSA-2017:2408

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1313686

https://bugzilla.redhat.com/show_bug.cgi?id=1333425

https://bugzilla.redhat.com/show_bug.cgi?id=1334398

Plugin Details

Severity: Medium

ID: 210314

File Name: redhat-RHSA-2017-2408.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/5/2024

Updated: 11/5/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-4020

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev, p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/1/2017

Vulnerability Publication Date: 4/13/2016

Reference Information

CVE: CVE-2016-10155, CVE-2016-4020, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-5579, CVE-2017-5973, CVE-2017-6414, CVE-2017-8309, CVE-2017-8379, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9524

CWE: 119, 200, 244, 369, 476, 772, 835

RHSA: 2017:2408