- Vulnerability/
- USN-3414-1
USN-3414-1: QEMU vulnerabilities
First published: Wed Sep 13 2017(Updated: )
Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060) Li Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310) Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330) Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373) Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374) Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375) Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503) It was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524) It was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-10664) Li Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806) Anthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911) Reno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434) Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/qemu-system | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-aarch64 | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-arm | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-mips | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-misc | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-ppc | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-s390x | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-sparc | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system-x86 | <1:2.8+dfsg-3ubuntu2.4 | 1:2.8+dfsg-3ubuntu2.4 |
| =17.04 | ||
| All of | ||
| ubuntu/qemu-system | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-aarch64 | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-arm | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-mips | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-misc | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-ppc | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-s390x | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-sparc | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system-x86 | <1:2.5+dfsg-5ubuntu10.15 | 1:2.5+dfsg-5ubuntu10.15 |
| =16.04 | ||
| All of | ||
| ubuntu/qemu-system | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 | ||
| All of | ||
| ubuntu/qemu-system-aarch64 | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 | ||
| All of | ||
| ubuntu/qemu-system-arm | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 | ||
| All of | ||
| ubuntu/qemu-system-mips | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 | ||
| All of | ||
| ubuntu/qemu-system-misc | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 | ||
| All of | ||
| ubuntu/qemu-system-ppc | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 | ||
| All of | ||
| ubuntu/qemu-system-sparc | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 | ||
| All of | ||
| ubuntu/qemu-system-x86 | <2.0.0+dfsg-2ubuntu1.35 | 2.0.0+dfsg-2ubuntu1.35 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-10664
- https://ubuntu.com/security/CVE-2017-10806
- https://ubuntu.com/security/CVE-2017-10911
- https://ubuntu.com/security/CVE-2017-11434
- https://ubuntu.com/security/CVE-2017-12809
- https://ubuntu.com/security/CVE-2017-7493
- https://ubuntu.com/security/CVE-2017-8112
- https://ubuntu.com/security/CVE-2017-8380
- https://ubuntu.com/security/CVE-2017-9060
- https://ubuntu.com/security/CVE-2017-9310
- https://ubuntu.com/security/CVE-2017-9330
- https://ubuntu.com/security/CVE-2017-9373
- https://ubuntu.com/security/CVE-2017-9374
- https://ubuntu.com/security/CVE-2017-9375
- https://ubuntu.com/security/CVE-2017-9503
- https://ubuntu.com/security/CVE-2017-9524
- https://ubuntu.com/security/notices/USN-3468-2
- https://ubuntu.com/security/notices/USN-3468-3
- https://ubuntu.com/security/notices/USN-3469-1
- https://ubuntu.com/security/notices/USN-3469-2
- https://ubuntu.com/security/notices/USN-3470-2
- https://ubuntu.com/security/notices/USN-3470-1
- https://ubuntu.com/security/notices/USN-3468-1
- https://launchpad.net/ubuntu/+source/qemu/1:2.8+dfsg-3ubuntu2.4
- https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.15
- https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.35
- https://ubuntu.com/security/notices/USN-3414-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability in USN-3414-1?
QEMU vulnerabilities in VirtFS access control and VMWare PVSCSI emulation.
How can an attacker exploit the vulnerability in USN-3414-1?
A guest attacker could elevate privileges inside the guest.
What versions of QEMU are affected by the vulnerability in USN-3414-1?
Versions 2.8 and 2.5 of QEMU are affected.
How do I fix the vulnerability in USN-3414-1?
Upgrade to QEMU version 1:2.8+dfsg-3ubuntu2.4 on Ubuntu 17.04, or version 1:2.5+dfsg-5ubuntu10.15 on Ubuntu 16.04, or version 2.0.0+dfsg-2ubuntu1.35 on Ubuntu 14.04.
Where can I find more information about the vulnerability in USN-3414-1?
You can find more information about the vulnerability in USN-3414-1 on the Ubuntu Security website.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-3468-2
- anchor-related/USN-3468-3
- anchor-related/USN-3469-1
- anchor-related/USN-3469-2
- anchor-related/USN-3470-2
- anchor-related/USN-3470-1
- anchor-related/USN-3468-1
- agent/software-canonical-lookup
- agent/references
- agent/title
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/17.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04