IBM Support

Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry

Created by Chun Xia Li on
Published URL:
https://www.ibm.com/support/pages/node/630393

Security Bulletin


Summary

IBM SmartCloud Entry is affected by vulnerabilities in Qemu-kvm. An attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash, gain elevated privileges on the host system, modify access modes and execute arbitrary code on the system with the privileges of the Qemu process, or cause a denial of service.

CVE-2015-7512 CVE-2015-7504 CVE-2016-1714 CVE-2016-3710 CVE-2016-5403

Vulnerability Details

CVEID: CVE-2015-7504
DESCRIPTION:
Xen is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the QEMU PCNET controller. By sending a specially crafted packet while in the loopback mode, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-7512
DESCRIPTION:
Qemu is vulnerable to a buffer overflow, caused by improper bounds checking by the AMD PC-Net II emulator. By sending specially crafted packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108362 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-1714
DESCRIPTION:
QEMU could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds read/write access error when processing firmware configurations. An attacker with CAP_SYS_RAWIO capabilities could exploit this vulnerability to gain elevated privileges on the host system or cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110305 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-3710
DESCRIPTION:
Xen could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict banked access to video memory by the Qemu VGA module. By setting the bank register, an attacker could exploit this vulnerability to modify access modes and execute arbitrary code on the system with the privileges of the Qemu process.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113038 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5403
DESCRIPTION:
Xen is vulnerable to a denial of service, caused by an unbounded memory allocation in QEMU. By sending a specially crafted virtio request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115591 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions


IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Remediation/Fixes


Product: IBM SmartCloud Entry
VRMF: 3.1
APAR: None
Remediation/First Fix: IBM SmartCloud Entry 3.1.0 Appliance Fixpack 23:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP23&source=SAR

Product: IBM SmartCloud Entry
VRMF: 3.2
APAR: None
Remediation/First Fix: IBM SmartCloud Entry 3.2.0 Appliance Fixpack 23:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP23&source=SAR

Workarounds and Mitigations

None

References

Change History

November 25, 2016: Original version published

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 18 July 2020

UID: isg3T1024738