CVE-2017-9375 fix causes qemu crash

Bug #1718222 reported by RussianNeuroMancer
This bug affects 1 person
Affects          Status         Importance   Assigned to        Milestone
qemu (Debian)    Fix Released   Unknown
qemu (Ubuntu)    Fix Released   High         Unassigned
  Trusty         Fix Released   High         Marc Deslauriers
  Xenial         Fix Released   High         Marc Deslauriers
  Zesty          Fix Released   High         Marc Deslauriers
  Artful         Fix Released   High         Unassigned

Bug Description

The CVE-2017-9375 fix causes qemu to crash on Ubuntu 17.04 if a USB 3 controller is selected in the virtual machine properties.

To reproduce this issue:
1. Install Ubuntu 17.04
2. Install package ubuntu-virt
3. Create virtual machine with USB 3 controller
4. Try to start this virtual machine

Error message from libvirt log:
qemu-system-x86_64: /build/qemu-g5EXBU/qemu-2.8+dfsg/hw/usb/hcd-xhci.c:2169: xhci_kick_epctx: Assertion `!epctx->kick_active' failed.

Workaround:
Switch the controller type to USB 2, but AFAIK this is not applicable if the user needs to pass through many USB devices to the guest, or if the user actually needs USB 3 speed.

RussianNeuroMancer (russianneuromancer) wrote :

Example of XML that causes qemu to crash on updated Ubuntu 17.04.

tags: added: regression-update zesty
RussianNeuroMancer (russianneuromancer) wrote :
RussianNeuroMancer (russianneuromancer) wrote :
RussianNeuroMancer (russianneuromancer) wrote :
Christian Ehrhardt (paelzer) wrote :

Subscribing Marc who did the fix for his check on the case.
And setting regression-upgrade until we know otherwise.

Christian Ehrhardt (paelzer) wrote :

Oh tag was already set, thanks!

Changed in qemu (Debian):
status: Unknown → Fix Released
Changed in qemu (Ubuntu Artful):
status: New → Fix Released
Changed in qemu (Ubuntu Trusty):
status: New → Confirmed
Changed in qemu (Ubuntu Xenial):
status: New → In Progress
Changed in qemu (Ubuntu Trusty):
status: Confirmed → In Progress
Changed in qemu (Ubuntu Zesty):
status: New → In Progress
Changed in qemu (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in qemu (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in qemu (Ubuntu Zesty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in qemu (Ubuntu Trusty):
importance: Undecided → High
Changed in qemu (Ubuntu Xenial):
importance: Undecided → High
Changed in qemu (Ubuntu Zesty):
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:2.8+dfsg-3ubuntu2.5

---------------
qemu (1:2.8+dfsg-3ubuntu2.5) zesty-security; urgency=medium

  * SECURITY REGRESSION: regression in USB xHCI emulation (LP: #1718222)
    - debian/patches/CVE-2017-9375-regression.patch: don't kick in
      xhci_submit and xhci_fire_ctl_transfer in hw/usb/hcd-xhci.c.

 -- Marc Deslauriers <email address hidden> Wed, 20 Sep 2017 07:22:48 -0400

Changed in qemu (Ubuntu Zesty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 2.0.0+dfsg-2ubuntu1.36

---------------
qemu (2.0.0+dfsg-2ubuntu1.36) trusty-security; urgency=medium

  * SECURITY REGRESSION: regression in USB xHCI emulation (LP: #1718222)
    - debian/patches/CVE-2017-9375-regression.patch: don't kick in
      xhci_submit and xhci_fire_ctl_transfer in hw/usb/hcd-xhci.c.

 -- Marc Deslauriers <email address hidden> Wed, 20 Sep 2017 07:27:30 -0400

Changed in qemu (Ubuntu Trusty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:2.5+dfsg-5ubuntu10.16

---------------
qemu (1:2.5+dfsg-5ubuntu10.16) xenial-security; urgency=medium

  * SECURITY REGRESSION: regression in USB xHCI emulation (LP: #1718222)
    - debian/patches/CVE-2017-9375-regression.patch: don't kick in
      xhci_submit and xhci_fire_ctl_transfer in hw/usb/hcd-xhci.c.

 -- Marc Deslauriers <email address hidden> Wed, 20 Sep 2017 07:25:44 -0400

Changed in qemu (Ubuntu Xenial):
status: In Progress → Fix Released
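
For auditing hosts against the three fixed versions announced above, here is an added example (not part of this bug report or of Ubuntu's tooling) that compares installed qemu versions using Debian's version ordering in pure Python. The host names and installed versions in SAMPLE are constructed; plain string comparison would wrongly rank `ubuntu1.9` above `ubuntu1.36`.

```python
import re

# Fixed versions announced in this bug report, per Ubuntu release.
FIXED = {"trusty": "2.0.0+dfsg-2ubuntu1.36", "xenial": "1:2.5+dfsg-5ubuntu10.16",
         "zesty": "1:2.8+dfsg-3ubuntu2.5"}

def _split(version):
    # Epoch defaults to 0; the revision is whatever follows the last hyphen.
    m = re.fullmatch(r"(?:(\d+):)?(.+?)(?:-([^-]*))?", version)
    return int(m.group(1) or 0), m.group(2), m.group(3) or ""

def _order(ch):
    # Weight of a non-digit: '~' below end-of-string (0), letters below the rest.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Alternate between non-digit runs (by weight) and digit runs (numerically).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i]) if i < len(na) else 0
            ob = _order(nb[i]) if i < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def compare(v1, v2):
    # Returns -1, 0 or 1: epoch first, then upstream version, then revision.
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(inventory):
    # Rows are (host, release, installed qemu version); returns hosts below the fix.
    return [h for h, rel, ver in inventory if compare(ver, FIXED[rel]) < 0]

# Constructed sample inventory, not data from the bug report.
SAMPLE = [("vm-a", "trusty", "2.0.0+dfsg-2ubuntu1.9"),
          ("vm-b", "xenial", "1:2.5+dfsg-5ubuntu10.16"),
          ("vm-c", "zesty", "1:2.8+dfsg-3ubuntu2.4")]

if __name__ == "__main__":
    print(needs_update(SAMPLE))
```

On a Debian or Ubuntu host, `dpkg --compare-versions` performs the same comparison.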
RussianNeuroMancer (russianneuromancer) wrote :

Thanks for the fast fix! :)

Marc Deslauriers (mdeslaur) wrote :

Thanks for the links, they were very helpful! :)

Mathew Hodson (mhodson)
Changed in qemu (Ubuntu Artful):
importance: Undecided → High