Home / mailings [USN-2974-1] QEMU vulnerabilities
Posted on 12 May 2016
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2974-1
May 12, 2016
qemu, qemu-kvm vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer
Details:
Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. (CVE-2016-2391)
Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. (CVE-2016-2392)
Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly leak
host memory bytes. (CVE-2016-2538)
Hongke Yang discovered that QEMU incorrectly handled NE2000 emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. (CVE-2016-2841)
Ling Liu discovered that QEMU incorrectly handled IP checksum routines. A=
n
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly leak host memory bytes.
(CVE-2016-2857)
It was discovered that QEMU incorrectly handled the PRNG back-end support=
=2E
An attacker inside the guest could use this issue to cause QEMU to crash,=
resulting in a denial of service. This issue only applied to Ubuntu 14.04=
LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-2858)
Wei Xiao and Qinghao Tang discovered that QEMU incorrectly handled access=
in the VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possib=
ly
execute arbitrary code on the host. In the default installation, when QEM=
U
is used with libvirt, attackers would be isolated by the libvirt AppArmor=
profile. (CVE-2016-3710)
Zuozhi Fzz discovered that QEMU incorrectly handled access in the VGA
module. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code on the host. In the default installation, when QEM=
U
is used with libvirt, attackers would be isolated by the libvirt AppArmor=
profile. (CVE-2016-3712)
Oleksandr Bazhaniuk discovered that QEMU incorrectly handled Luminary
Micro Stellaris ethernet controller emulation. A remote attacker could us=
e
this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2016-4001)
Oleksandr Bazhaniuk discovered that QEMU incorrectly handled MIPSnet
controller emulation. A remote attacker could use this issue to cause QEM=
U
to crash, resulting in a denial of service. (CVE-2016-4002)
Donghai Zdh discovered that QEMU incorrectly handled the Task Priority
Register(TPR). A privileged attacker inside the guest could use this issu=
e
to possibly leak host memory bytes. This issue only applied to Ubuntu 14.=
04
LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-4020)
Du Shaobo discovered that QEMU incorrectly handled USB EHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources, resulting in a denial of service.
(CVE-2016-4037)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
qemu-system 1:2.5+dfsg-5ubuntu10.1
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.1
qemu-system-arm 1:2.5+dfsg-5ubuntu10.1
qemu-system-mips 1:2.5+dfsg-5ubuntu10.1
qemu-system-misc 1:2.5+dfsg-5ubuntu10.1
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.1
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.1
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.1
qemu-system-x86 1:2.5+dfsg-5ubuntu10.1
Ubuntu 15.10:
qemu-system 1:2.3+dfsg-5ubuntu9.4
qemu-system-aarch64 1:2.3+dfsg-5ubuntu9.4
qemu-system-arm 1:2.3+dfsg-5ubuntu9.4
qemu-system-mips 1:2.3+dfsg-5ubuntu9.4
qemu-system-misc 1:2.3+dfsg-5ubuntu9.4
qemu-system-ppc 1:2.3+dfsg-5ubuntu9.4
qemu-system-sparc 1:2.3+dfsg-5ubuntu9.4
qemu-system-x86 1:2.3+dfsg-5ubuntu9.4
Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.24
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.24
qemu-system-arm 2.0.0+dfsg-2ubuntu1.24
qemu-system-mips 2.0.0+dfsg-2ubuntu1.24
qemu-system-misc 2.0.0+dfsg-2ubuntu1.24
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.24
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.24
qemu-system-x86 2.0.0+dfsg-2ubuntu1.24
Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.28
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2974-1
CVE-2016-2391, CVE-2016-2392, CVE-2016-2538, CVE-2016-2841,
CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712,
CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.1
https://launchpad.net/ubuntu/+source/qemu/1:2.3+dfsg-5ubuntu9.4
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.24
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.28
