Debian Long Term Support / LTS Security Information / 2020 / Security Information -- DLA-2373-1 qemu

Debian Security Advisory

DLA-2373-1 qemu -- LTS security update

Date Reported:

14 Sep 2020

Affected Packages:

qemu

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 968947, Bug 961297, Bug 949731.
In Mitre's CVE dictionary: CVE-2020-1711, CVE-2020-13253, CVE-2020-14364, CVE-2020-16092.

More information:

The following security issues have been found in qemu, which could potentially result in DoS and execution of arbitrary code.

• CVE-2020-1711

  An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

• CVE-2020-13253

  An out-of-bounds read access issue was found in the SD Memory Card emulator of the QEMU. It occurs while performing block write commands via sdhci_write(), if a guest user has sent address which is OOB of 's->wp_groups'. A guest user/process may use this flaw to crash the QEMU process resulting in DoS.

• CVE-2020-14364

  An out-of-bounds read/write access issue was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest, when 'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in do_token_{in,out} routines.

• CVE-2020-16092

  An assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c

For Debian 9 stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u11.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS