Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu vulnerabilities (USN-3414-1)

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access
control. A guest attacker could use this issue to elevate privileges
inside the guest. (CVE-2017-7493)

Li Qiang discovered that QEMU incorrectly handled VMware PVSCSI
emulation. A privileged attacker inside the guest could use this issue
to cause QEMU to consume resources or crash, resulting in a denial of
service. (CVE-2017-8112)

It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2
Host Bus Adapter emulation support. A privileged attacker inside the
guest could use this issue to cause QEMU to crash, resulting in a
denial of service, or possibly to obtain sensitive host memory. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)

Li Qiang discovered that QEMU incorrectly handled the Virtio GPU
device. An attacker inside the guest could use this issue to cause
QEMU to consume resources and crash, resulting in a denial of service.
This issue only affected Ubuntu 17.04. (CVE-2017-9060)

Li Qiang discovered that QEMU incorrectly handled the e1000e device. A
privileged attacker inside the guest could use this issue to cause
QEMU to hang, resulting in a denial of service. This issue only
affected Ubuntu 17.04. (CVE-2017-9310)

Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation
support. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service. (CVE-2017-9330)

Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation
support. A privileged attacker inside the guest could use this issue
to cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9373)

Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation
support. A privileged attacker inside the guest could use this issue
to cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9374)

Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation
support. A privileged attacker inside the guest could use this issue
to cause QEMU to hang, resulting in a denial of service.
(CVE-2017-9375)

Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS
8708EM2 Host Bus Adapter emulation support. A privileged attacker
inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2017-9503)

It was discovered that the QEMU qemu-nbd server incorrectly handled
initialization. A remote attacker could use this issue to cause the
server to crash, resulting in a denial of service. (CVE-2017-9524)

It was discovered that the QEMU qemu-nbd server incorrectly handled
signals. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. (CVE-2017-10664)

Li Qiang discovered that the QEMU USB redirector incorrectly handled
logging debug messages. An attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2017-10806)

Anthony Perard discovered that QEMU incorrectly handled Xen
block-interface responses. An attacker inside the guest could use this
issue to cause QEMU to leak contents of host memory. (CVE-2017-10911)

Reno Robert discovered that QEMU incorrectly handled certain DHCP
options strings. An attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service.
(CVE-2017-11434)

Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM
device drives. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04.
(CVE-2017-12809).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now