Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Sep 2015 10:24:47 +0800
From: Qinghao Tang <luodalongde@...il.com>
To: cve-assign@...re.org
Cc: P J P <ppandit@...hat.com>, oss-security@...ts.openwall.com
Subject: Re: CVE request Qemu: ide: divide by zero issue

please add this vulnerability information at
https://access.redhat.com/security/cve/CVE-2015-6855.
Thanks.


2015-09-11 3:25 GMT+08:00 <cve-assign@...re.org>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> > Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is
> > vulnerable to a divide by zero issue. It could occur while executing an
> IDE
> > command WIN_READ_NATIVE_MAX to determine the maximum size of a drive.
> >
> > A privileged user inside guest could use this flaw to crash the Qemu
> instance
> > resulting in DoS.
> >
> > The fix disables undue IDE commands for CD-ROM drives.
> >
> > https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html
>
> In this case, we are assigning a CVE ID for the primary problem
> statement in the msg02479.html post, i.e., the "All other commands are
> illegal to send to an ATAPI device and should be rejected by the
> device" statement. Use CVE-2015-6855. The divide-by-zero error is
> resultant, and serves as a demonstration of how an illegal command can
> have a security impact. It is conceivable that other security impacts
> may be discovered later.
>
> (not yet available at
> http://git.qemu.org/?p=qemu.git;a=history;f=hw/ide/core.c)
>
> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJV8diyAAoJEL54rhJi8gl5uHgQAJTCJFsIvOV4bvGLr2IBeyyT
> WuyKhVTjHPnI05gIN/GetgRg53OkxX7p2PtlCW4+X6GtDizwY6ia4QwS1dKJeKZr
> GCaeU8NgiOoeGYj674yPrd2qfLzI1IaBcl5Hn2NMTjRquJQfSfrcWG8OuH+K9Zlp
> Rg+8XLhdiryDGmslj0fb6aq+XlSfApszdaR1kFLX1zJzLBFlYeueUfDkZNTLmQmI
> E6tDCxn8oE6yEVdWHIciwt09yRYLQORGVR619mXkVMXNguXzgJpe66poAUDbSmcC
> W0RdGoAHnS0iqz6eq1e+AsFQhP0zvGfQpCm7Od08EMEbvQAmk7dOjYs/qZN5KHkI
> m1AshF0MmlxUsCS6kNIOJbQp0YsAhflHV7oZ24HWy0NF0bytM3sZFiWIPSE66N1G
> OVdp6/NRVg4gGvOm/XeP09zezkR/PkPETfVldg9ffPsIx3LUQBFZK9HtAx6wJA6w
> 3pNVNktvE7LxNIzfvlGChkhvy4q07E4er2jEKGCMlYDp8zd7HKm+8eE2DFhz74xP
> n+VaCpbeQ/0oilZLWlkA50WY2nrI6Ndf07pjw7y7ZozZBvgwGKkXsBLwRh4OByvd
> IFC2zeTkbT609DhMY/hQQaVTjT+T5M35wqaCe3Xo2nq4vltf03i5w57yRy3gEUKq
> 20FvsUHrETz9JjTtxRgI
> =8VhV
> -----END PGP SIGNATURE-----
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ