SUSE SLES11 Security Update : kvm (SUSE-SU-2021:14772-1)

medium Nessus Plugin ID 152199

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14772-1 advisory.

- iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. (CVE-2020-11947)

- In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. (CVE-2020-15469)

- hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
(CVE-2020-15863)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916 (CVE-2020-25707)

- An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. (CVE-2021-20221)

- A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. (CVE-2021-3416)

- An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)

- An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3594)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kvm package.

See Also

https://bugzilla.suse.com/1173612

https://bugzilla.suse.com/1174386

https://bugzilla.suse.com/1178683

https://bugzilla.suse.com/1180523

https://bugzilla.suse.com/1181933

https://bugzilla.suse.com/1186473

https://bugzilla.suse.com/1187364

https://bugzilla.suse.com/1187367

http://www.nessus.org/u?714dfca8

https://www.suse.com/security/cve/CVE-2020-11947

https://www.suse.com/security/cve/CVE-2020-15469

https://www.suse.com/security/cve/CVE-2020-15863

https://www.suse.com/security/cve/CVE-2020-25707

https://www.suse.com/security/cve/CVE-2021-20221

https://www.suse.com/security/cve/CVE-2021-3416

https://www.suse.com/security/cve/CVE-2021-3592

https://www.suse.com/security/cve/CVE-2021-3594

Plugin Details

Severity: Medium

ID: 152199

File Name: suse_SU-2021-14772-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 8/4/2021

Updated: 8/9/2021

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Source: CVE-2020-15863

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.3

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kvm, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/3/2021

Vulnerability Publication Date: 7/2/2020

Reference Information

CVE: CVE-2020-11947, CVE-2020-15469, CVE-2020-15863, CVE-2020-25707, CVE-2021-3416, CVE-2021-3592, CVE-2021-3594, CVE-2021-20221

SuSE: SUSE-SU-2021:14772-1

IAVB: 2020-B-0041-S