Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-0396)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Virtuozzo host is missing a security update.

Description :

An update for qemu-kvm is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution
for Linux on a variety of architectures. The qemu-kvm packages provide
the user-space component for running virtual machines that use KVM.

Security Fix(es) :

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator
support is vulnerable to an out-of-bounds access issue. It could occur
while copying VGA data via bitblt copy in backward mode. A privileged
user inside a guest could use this flaw to crash the QEMU process
resulting in DoS or potentially execute arbitrary code on the host
with privileges of QEMU process on the host. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator
support is vulnerable to an out-of-bounds access issue. The issue
could occur while copying VGA data in cirrus_bitblt_cputovideo. A
privileged user inside guest could use this flaw to crash the QEMU
process OR potentially execute arbitrary code on host with privileges
of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang
(360.cn Inc.) for reporting CVE-2017-2615.

Bug Fix(es) :

* When using the virtio-blk driver on a guest virtual machine with no
space on the virtual hard drive, the guest terminated unexpectedly
with a 'block I/O error in device' message and the qemu-kvm process
exited with a segmentation fault. This update fixes how the
system_reset QEMU signal is handled in the above scenario. As a
result, if a guest crashes due to no space left on the device,
qemu-kvm continues running and the guest can be reset as expected.
(BZ#1420049)

Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues.

See also :

http://www.nessus.org/u?f9f143bf
https://rhn.redhat.com/errata/RHSA-2017-0396.html

Solution :

Update the affected qemu-img / qemu-kvm / qemu-kvm-common / etc package.

Risk factor :

High / CVSS Base Score : 7.4
(CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.7
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Virtuozzo Local Security Checks

Nessus Plugin ID: 101433 ()

Bugtraq ID:

CVE ID: CVE-2017-2615
CVE-2017-2620

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now