[USN-3125-1] QEMU vulnerabilities
Posted on 09 November 2016
==========================================================================
Ubuntu Security Notice USN-3125-1
November 09, 2016
qemu, qemu-kvm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer
Details:
Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A
privileged attacker inside the guest could use this issue to cause QEMU to
consume resources, resulting in a denial of service. (CVE-2016-5403)
Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network
card emulation support. A privileged attacker inside the guest could use
this issue to cause QEMU to crash, resulting in a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-6833, CVE-2016-6834, CVE-2016-6888)
Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network
card emulation support. A privileged attacker inside the guest could use
this issue to cause QEMU to crash, resulting in a denial of service, or
possibly execute arbitrary code on the host. In the default installation,
when QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04
LTS and Ubuntu 16.10. (CVE-2016-6835)
Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network
card emulation support. A privileged attacker inside the guest could use
this issue to possibly obtain sensitive host memory. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-6836)
Felix Wilhelm discovered that QEMU incorrectly handled Plan 9 File System
(9pfs) support. A privileged attacker inside the guest could use this issue
to possibly obtain sensitive host files. (CVE-2016-7116)
Li Qiang and Tom Victor discovered that QEMU incorrectly handled VMWARE
PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside
the guest could use this issue to cause QEMU to crash, resulting in a
denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04
LTS and Ubuntu 16.10. (CVE-2016-7155)
Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual
SCSI bus emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu
16.10. (CVE-2016-7156, CVE-2016-7421)
Tom Victor discovered that QEMU incorrectly handled LSI SAS1068 host bus
emulation support. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.10. (CVE-2016-7157)
Hu Chaojian discovered that QEMU incorrectly handled xlnx.xps-ethernetlite
emulation support. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code on the host. In the default installation, when QEMU
is used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. (CVE-2016-7161)
Qinghao Tang and Li Qiang discovered that QEMU incorrectly handled the
VMWare VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2016-7170)
Qinghao Tang and Zhenhao Hong discovered that QEMU incorrectly handled the
Virtio module. A privileged attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 16.10. (CVE-2016-7422)
Li Qiang discovered that QEMU incorrectly handled LSI SAS1068 host bus
emulation support. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.10. (CVE-2016-7423)
Li Qiang discovered that QEMU incorrectly handled USB xHCI controller
emulation support. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7466)
Li Qiang discovered that QEMU incorrectly handled ColdFire Fast Ethernet
Controller emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2016-7908)
Li Qiang discovered that QEMU incorrectly handled AMD PC-Net II emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. (CVE-2016-7909)
Li Qiang discovered that QEMU incorrectly handled the Virtio GPU support. A
privileged attacker inside the guest could use this issue to cause QEMU to
consume resources, resulting in a denial of service. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7994)
Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources, resulting in a denial of service. This
issue only affected Ubuntu 16.10. (CVE-2016-7995)
Li Qiang discovered that QEMU incorrectly handled USB xHCI controller
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-8576)
Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-8577, CVE-2016-8578)
It was discovered that QEMU incorrectly handled Rocker switch emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8668)
It was discovered that QEMU incorrectly handled Intel HDA controller
emulation support. A privileged attacker inside the guest could use this
issue to cause QEMU to consume resources, resulting in a denial of service.
(CVE-2016-8909)
Andrew Henderson discovered that QEMU incorrectly handled RTL8139 ethernet
controller emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to consume resources, resulting in a denial of
service. (CVE-2016-8910)
Li Qiang discovered that QEMU incorrectly handled Intel i8255x ethernet
controller emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to consume resources, resulting in a denial of
service. (CVE-2016-9101)
Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources, resulting in a denial of service.
(CVE-2016-9102, CVE-2016-9104, CVE-2016-9105)
Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)
support. A privileged attacker inside the guest could use this issue to
possibly obtain sensitive host memory. (CVE-2016-9103)
Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources, resulting in a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-9106)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
  qemu-system           1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-aarch64   1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-arm       1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-mips      1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-misc      1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-ppc       1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-s390x     1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-sparc     1:2.6.1+dfsg-0ubuntu5.1
  qemu-system-x86       1:2.6.1+dfsg-0ubuntu5.1
Ubuntu 16.04 LTS:
  qemu-system           1:2.5+dfsg-5ubuntu10.6
  qemu-system-aarch64   1:2.5+dfsg-5ubuntu10.6
  qemu-system-arm       1:2.5+dfsg-5ubuntu10.6
  qemu-system-mips      1:2.5+dfsg-5ubuntu10.6
  qemu-system-misc      1:2.5+dfsg-5ubuntu10.6
  qemu-system-ppc       1:2.5+dfsg-5ubuntu10.6
  qemu-system-s390x     1:2.5+dfsg-5ubuntu10.6
  qemu-system-sparc     1:2.5+dfsg-5ubuntu10.6
  qemu-system-x86       1:2.5+dfsg-5ubuntu10.6
Ubuntu 14.04 LTS:
  qemu-system           2.0.0+dfsg-2ubuntu1.30
  qemu-system-aarch64   2.0.0+dfsg-2ubuntu1.30
  qemu-system-arm       2.0.0+dfsg-2ubuntu1.30
  qemu-system-mips      2.0.0+dfsg-2ubuntu1.30
  qemu-system-misc      2.0.0+dfsg-2ubuntu1.30
  qemu-system-ppc       2.0.0+dfsg-2ubuntu1.30
  qemu-system-sparc     2.0.0+dfsg-2ubuntu1.30
  qemu-system-x86       2.0.0+dfsg-2ubuntu1.30
Ubuntu 12.04 LTS:
  qemu-kvm              1.0+noroms-0ubuntu14.31
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3125-1
CVE-2016-5403, CVE-2016-6833, CVE-2016-6834, CVE-2016-6835,
CVE-2016-6836, CVE-2016-6888, CVE-2016-7116, CVE-2016-7155,
CVE-2016-7156, CVE-2016-7157, CVE-2016-7161, CVE-2016-7170,
CVE-2016-7421, CVE-2016-7422, CVE-2016-7423, CVE-2016-7466,
CVE-2016-7908, CVE-2016-7909, CVE-2016-7994, CVE-2016-7995,
CVE-2016-8576, CVE-2016-8577, CVE-2016-8578, CVE-2016-8668,
CVE-2016-8909, CVE-2016-8910, CVE-2016-9101, CVE-2016-9102,
CVE-2016-9103, CVE-2016-9104, CVE-2016-9105, CVE-2016-9106
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.6.1+dfsg-0ubuntu5.1
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.6
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.30
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.31