Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 23 Jun 2014 18:36:11 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    Hello,

Qemu PCIe bus support is vulnerable to a use-after-free flaw. It could occur
via guest, when it tries to hotplug/hotunplug devices on the guest.

A user able to add & delete Virtio block devices on a guest could use this
flaw to crash the Qemu instance resulting in DoS.

Upstream fix:
- -------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTqCZDAAoJEN0TPTL+WwQf6ooP/04A9RjbsqIomiYV5XaVQCU4
BRf3YUoxcwxm9RvnJbdteEfjNCbsjtVDZ07u9JOr06zlgI7CiO+Mgv9NtQUHeZAb
JafpFbBMKfTykjyWyvubVihfugYHAZwY5UdHXdfazeZuZrnSVA7b98szBGrwe075
yPUTVf5G49F1Y8z4TvRFiG6rYj19cQihoKwzboJ+LJjNTVk5stBEUxEXwFYcIPIw
BHdiy/Uqq9HzmUlimOgEZ7ixlDWC92zlln0CWgaKK5KugEwiyOtmA6n4B6BbQbo5
0e0XimJ67dC6nNfRn9+PDx3IQsJYGJ405mkheL5lDj43hauGDO/by3Oy/Rqns/Nm
+5eycIAy5oD+PCKCv5NynaHS9OG/WjRwbYEQZfGtaLLGQxSR4terQMV2ZBPT92Mt
U6295bR4q56VFpEBqNpSqPs97775kKv717FGZ72y5Hmu2mY3XdEXhLSPqYvwoE0M
azgBGb4s2mc0DZvKz1Yhy8Q7Z0fWRIXyzsZyyzLjfZgEDvgvHUo+Fh7wmfc7hsYx
qlrIocGCad7lTkQGXlC0E8elD5Vfc9FB1g0VK5JRP6EtAez4c+o/KYBEZR6L+vpZ
Q12EHAp/qcQjupDhrjqta7TB+kxTKcHjQ7w81j2JAZhR6XW1FAFrmYVZklqMLgU7
lpULw4V70H6kAXnl87m3
=jtkJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ