Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : qemu, qemu-kvm vulnerabilities (USN-2974-1)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation
support. A privileged attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service.
(CVE-2016-2391)

Qinghao Tang discovered that QEMU incorrectly handled USB Net
emulation support. A privileged attacker inside the guest could use
this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2016-2392)

Qinghao Tang discovered that QEMU incorrectly handled USB Net
emulation support. A privileged attacker inside the guest could use
this issue to cause QEMU to crash, resulting in a denial of service,
or possibly leak host memory bytes. (CVE-2016-2538)

Hongke Yang discovered that QEMU incorrectly handled NE2000 emulation
support. A privileged attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service.
(CVE-2016-2841)

Ling Liu discovered that QEMU incorrectly handled IP checksum
routines. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service, or possibly leak host
memory bytes. (CVE-2016-2857)

It was discovered that QEMU incorrectly handled the PRNG back-end
support. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS.
(CVE-2016-2858)

Wei Xiao and Qinghao Tang discovered that QEMU incorrectly handled
access in the VGA module. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of
service, or possibly execute arbitrary code on the host. In the
default installation, when QEMU is used with libvirt, attackers would
be isolated by the libvirt AppArmor profile. (CVE-2016-3710)

Zuozhi Fzz discovered that QEMU incorrectly handled access in the VGA
module. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code on the host. In the default installation, when
QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. (CVE-2016-3712)

Oleksandr Bazhaniuk discovered that QEMU incorrectly handled Luminary
Micro Stellaris ethernet controller emulation. A remote attacker could
use this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2016-4001)

Oleksandr Bazhaniuk discovered that QEMU incorrectly handled MIPSnet
controller emulation. A remote attacker could use this issue to cause
QEMU to crash, resulting in a denial of service. (CVE-2016-4002)

Donghai Zdh discovered that QEMU incorrectly handled the Task Priority
Register(TPR). A privileged attacker inside the guest could use this
issue to possibly leak host memory bytes. This issue only applied to
Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-4020)

Du Shaobo discovered that QEMU incorrectly handled USB EHCI emulation
support. A privileged attacker inside the guest could use this issue
to cause QEMU to consume resources, resulting in a denial of service.
(CVE-2016-4037).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now