Security Bulletin: Vulnerabilities in QEMU affect PowerKVM

Published: 2018-06-18 01:34:46
Source: www.ibm.com

EPSS: 0.012 (Low), percentile 84.9%

Summary

PowerKVM is affected by vulnerabilities in QEMU. IBM has now addressed these vulnerabilities.

Vulnerability Details

**CVEID:** CVE-2016-5105
**DESCRIPTION:** QEMU, built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, is vulnerable to a denial of service, caused by a stack information leak in megasas_dcmd_cfg_read. By processing a MegaRAID Firmware Interface (MFI) command to read the device configuration, an authenticated attacker could exploit this vulnerability to leak host memory bytes.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113528 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2016-5106
**DESCRIPTION:** QEMU, built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, is vulnerable to a denial of service, caused by an out-of-bounds write in megasas_dcmd_set_properties. By processing a MegaRAID Firmware Interface (MFI) command to set controller properties, an authenticated attacker could exploit this vulnerability to cause the QEMU process to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113529 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2016-5107
**DESCRIPTION:** QEMU, built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, is vulnerable to a denial of service, caused by an out-of-bounds read in the megasas_lookup_frame routine. By looking up MegaRAID Firmware Interface (MFI) command frames, an authenticated attacker could exploit this vulnerability to cause the QEMU process to crash on the host.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113530 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2016-6351
**DESCRIPTION:** QEMU, built with ESP/NCR53C9x controller emulation support, could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the esp_do_dma function in hw/scsi/esp.c. An attacker could exploit this vulnerability to execute arbitrary code on the QEMU host or to cause the QEMU process to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116795 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)

**CVEID:** CVE-2016-7161
**DESCRIPTION:** QEMU is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in xlnx.xps-ethernetlite. By sending an overly large ethlite packet, a remote attacker could overflow a buffer and execute arbitrary code on the QEMU host.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117719 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2016-7908
**DESCRIPTION:** QEMU is vulnerable to a denial of service, caused by the failure to properly limit the buffer descriptor count when transmitting packets in the mcf_fec_do_tx function in mcf_fec.c. By sending a specially crafted buffer descriptor and bd.flags value, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117585 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2016-7909
**DESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an error in the pcnet_rdra_addr function in hw/net/pcnet.c. By setting the receive or transmit descriptor ring length to 0, a local guest OS administrator could exploit this vulnerability to cause the QEMU process to enter an infinite loop and crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117717 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2016-8576
**DESCRIPTION:** QEMU (aka Quick Emulator) is vulnerable to a denial of service, caused by an error in the xhci_ring_fetch function. Because the number of link Transfer Request Blocks (TRBs) to process is not limited, a local attacker with admin privileges could exploit this vulnerability to cause the application to enter an infinite loop and the QEMU process to crash.
CVSS Base Score: 6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119186 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)

**CVEID:** CVE-2016-8577
**DESCRIPTION:** QEMU (aka Quick Emulator) is vulnerable to a denial of service, caused by multiple memory leaks in the v9fs_read function. By using vectors related to an I/O read operation, a local attacker with admin privileges could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119187 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)

**CVEID:** CVE-2016-8578
**DESCRIPTION:** QEMU (aka Quick Emulator) is vulnerable to a denial of service, caused by a NULL pointer dereference in the v9fs_iov_vunmarshal function. By sending an empty string parameter to a 9P operation, a local attacker with admin privileges could exploit this vulnerability to cause the QEMU process to crash.
CVSS Base Score: 6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119188 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)

**CVEID:** CVE-2016-8669
**DESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a divide-by-zero error in the serial_update_parameters function in hw/char/serial.c. By supplying a divider value greater than the baud base, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118989 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)

**CVEID:** CVE-2016-8909
**DESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an error in the intel_hda_xfer function in hw/audio/intel-hda.c. By using an entry with the same value for buffer length and pointer position, a local authenticated attacker could exploit this vulnerability to cause the application to enter an infinite loop and consume all available CPU resources.
CVSS Base Score: 6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118998 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)

**CVEID:** CVE-2016-8910
**DESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an error in the rtl8139_cplus_transmit function in hw/net/rtl8139.c. By exploiting the failure to limit the ring descriptor count, a local authenticated attacker could exploit this vulnerability to cause the application to enter an infinite loop and consume all available CPU resources.
CVSS Base Score: 6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118999 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)
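The base scores listed above follow from their vectors under the CVSS v3.0 formula. The following is an added example, not part of IBM's bulletin, that parses the vector strings exactly as printed here, recomputes each base score, and flags any entry whose published score disagrees with its vector (the weights are the FIRST v3.0 specification values).

```python
import math
import re

# CVSS v3.0 base-metric weights from the FIRST spec; PR weight depends on Scope.
_AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
_AC = {"L": 0.77, "H": 0.44}
_PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27}, "C": {"N": 0.85, "L": 0.68, "H": 0.50}}
_UI = {"N": 0.85, "R": 0.62}
_CIA = {"H": 0.56, "L": 0.22, "N": 0.0}

def parse_vector(vector):
    """Parse '(CVSS:3.0/AV:N/...)' as printed in the bulletin into a metric dict."""
    m = re.search(r"CVSS:3\.0/((?:[A-Z]+:[A-Z]/?)+)", vector)
    if not m:
        raise ValueError("not a CVSS 3.0 vector: %r" % vector)
    return dict(part.split(":") for part in m.group(1).rstrip("/").split("/"))

def _roundup(x):
    """CVSS round-up to one decimal, done on integers to avoid float noise."""
    i = int(round(x * 100000))
    return i / 100000.0 if i % 10000 == 0 else (i // 10000 + 1) / 10.0

def base_score(vector):
    """Recompute the CVSS v3.0 base score from a vector string."""
    v = parse_vector(vector)
    changed = v["S"] == "C"
    iss = 1 - (1 - _CIA[v["C"]]) * (1 - _CIA[v["I"]]) * (1 - _CIA[v["A"]])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    exploitability = 8.22 * _AV[v["AV"]] * _AC[v["AC"]] * _PR[v["S"]][v["PR"]] * _UI[v["UI"]]
    if impact <= 0:
        return 0.0
    total = (1.08 if changed else 1.0) * (impact + exploitability)
    return _roundup(min(total, 10))

# Vector/score pairs copied from this bulletin, used to check that the two agree.
BULLETIN = {
    "CVE-2016-5105": ("(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)", 4.3),
    "CVE-2016-6351": ("(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)", 6.3),
    "CVE-2016-7161": ("(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)", 9.8),
    "CVE-2016-7908": ("(CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)", 4.4),
    "CVE-2016-7909": ("(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)", 3.3),
    "CVE-2016-8576": ("(CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)", 6.0),
}

def mismatches():
    """Return CVE ids whose published base score differs from the recomputed one."""
    return [cve for cve, (vec, score) in BULLETIN.items() if base_score(vec) != score]
```

The same routine can be pointed at any other CVSS 3.0 vector a bulletin prints, which is useful when deciding whether a vendor's score or the vector should drive triage.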

Affected Products and Versions

PowerKVM 2.1 and PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed as of 3.1.0.2 update 4 or later.

For version 2.1, see https://ibm.biz/BdEnT8. This issue is addressed as of PowerKVM 2.1.1.3-65 update 14 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1.

For v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.

Workarounds and Mitigations

None

| CPE Name | Operator | Version |
|----------|----------|---------|
| powerkvm | eq       | 2.1     |
| powerkvm | eq       | 3.1     |