Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu regression (USN-3414-2)

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for
CVE-2017-9375 was incomplete and caused a regression in the USB xHCI
controller emulation support. This update fixes the problem.

We apologize for the inconvenience.

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access
control. A guest attacker could use this issue to elevate privileges
inside the guest. (CVE-2017-7493)

Li Qiang discovered that QEMU incorrectly handled VMware
PVSCSI emulation. A privileged attacker inside the guest
could use this issue to cause QEMU to consume resources or
crash, resulting in a denial of service. (CVE-2017-8112)

It was discovered that QEMU incorrectly handled MegaRAID SAS
8708EM2 Host Bus Adapter emulation support. A privileged
attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly to
obtain sensitive host memory. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)

Li Qiang discovered that QEMU incorrectly handled the Virtio
GPU device. An attacker inside the guest could use this
issue to cause QEMU to consume resources and crash,
resulting in a denial of service. This issue only affected
Ubuntu 17.04. (CVE-2017-9060)

Li Qiang discovered that QEMU incorrectly handled the e1000e
device. A privileged attacker inside the guest could use
this issue to cause QEMU to hang, resulting in a denial of
service. This issue only affected Ubuntu 17.04.
(CVE-2017-9310)

Li Qiang discovered that QEMU incorrectly handled USB OHCI
emulation support. An attacker inside the guest could use
this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2017-9330)

Li Qiang discovered that QEMU incorrectly handled IDE AHCI
emulation support. A privileged attacker inside the guest
could use this issue to cause QEMU to consume resources and
crash, resulting in a denial of service. (CVE-2017-9373)

Li Qiang discovered that QEMU incorrectly handled USB EHCI
emulation support. A privileged attacker inside the guest
could use this issue to cause QEMU to consume resources and
crash, resulting in a denial of service. (CVE-2017-9374)

Li Qiang discovered that QEMU incorrectly handled USB xHCI
emulation support. A privileged attacker inside the guest
could use this issue to cause QEMU to hang, resulting in a
denial of service. (CVE-2017-9375)

Zhangyanyu discovered that QEMU incorrectly handled MegaRAID
SAS 8708EM2 Host Bus Adapter emulation support. A privileged
attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2017-9503)

It was discovered that the QEMU qemu-nbd server incorrectly
handled initialization. A remote attacker could use this
issue to cause the server to crash, resulting in a denial of
service. (CVE-2017-9524)

It was discovered that the QEMU qemu-nbd server incorrectly
handled signals. A remote attacker could use this issue to
cause the server to crash, resulting in a denial of service.
(CVE-2017-10664)

Li Qiang discovered that the QEMU USB redirector incorrectly
handled logging debug messages. An attacker inside the guest
could use this issue to cause QEMU to crash, resulting in a
denial of service. (CVE-2017-10806)

Anthony Perard discovered that QEMU incorrectly handled Xen
block-interface responses. An attacker inside the guest
could use this issue to cause QEMU to leak contents of host
memory. (CVE-2017-10911)

Reno Robert discovered that QEMU incorrectly handled certain
DHCP options strings. An attacker inside the guest could use
this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2017-11434)

Ryan Salsamendi discovered that QEMU incorrectly handled
empty CDROM device drives. A privileged attacker inside the
guest could use this issue to cause QEMU to crash, resulting
in a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 17.04. (CVE-2017-12809).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now