RHEL 7 : qemu-kvm (RHSA-2016:2585)

medium Nessus Plugin ID 94548

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:2585 advisory.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. (CVE-2016-3712)

* An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance. (CVE-2016-1981)

Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting CVE-2016-3712.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?4165441c

http://www.nessus.org/u?df90da0d

https://access.redhat.com/errata/RHSA-2016:2585

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1156635

https://bugzilla.redhat.com/show_bug.cgi?id=1177318

https://bugzilla.redhat.com/show_bug.cgi?id=1252757

https://bugzilla.redhat.com/show_bug.cgi?id=1256741

https://bugzilla.redhat.com/show_bug.cgi?id=1265427

https://bugzilla.redhat.com/show_bug.cgi?id=1268345

https://bugzilla.redhat.com/show_bug.cgi?id=1268879

https://bugzilla.redhat.com/show_bug.cgi?id=1269738

https://bugzilla.redhat.com/show_bug.cgi?id=1272523

https://bugzilla.redhat.com/show_bug.cgi?id=1276036

https://bugzilla.redhat.com/show_bug.cgi?id=1277248

https://bugzilla.redhat.com/show_bug.cgi?id=1283116

https://bugzilla.redhat.com/show_bug.cgi?id=1298570

https://bugzilla.redhat.com/show_bug.cgi?id=1299116

https://bugzilla.redhat.com/show_bug.cgi?id=1299250

https://bugzilla.redhat.com/show_bug.cgi?id=1312289

https://bugzilla.redhat.com/show_bug.cgi?id=1318712

https://bugzilla.redhat.com/show_bug.cgi?id=1330969

https://bugzilla.redhat.com/show_bug.cgi?id=1333159

https://bugzilla.redhat.com/show_bug.cgi?id=1336491

https://bugzilla.redhat.com/show_bug.cgi?id=1340971

https://bugzilla.redhat.com/show_bug.cgi?id=1346982

https://bugzilla.redhat.com/show_bug.cgi?id=1351106

https://bugzilla.redhat.com/show_bug.cgi?id=1355730

https://bugzilla.redhat.com/show_bug.cgi?id=1360137

https://bugzilla.redhat.com/show_bug.cgi?id=1367040

https://bugzilla.redhat.com/show_bug.cgi?id=1371619

https://bugzilla.redhat.com/show_bug.cgi?id=1376542

Plugin Details

Severity: Medium

ID: 94548

File Name: redhat-RHSA-2016-2585.nasl

Version: 2.13

Type: local

Agent: unix

Published: 11/4/2016

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2016-3712

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:qemu-img, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools, p-cpe:/a:redhat:enterprise_linux:qemu-kvm, p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/3/2016

Vulnerability Publication Date: 5/11/2016

Reference Information

CVE: CVE-2016-1981, CVE-2016-3712

CWE: 125, 835

RHSA: 2016:2585