Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Jan 2016 19:44:03 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request Qemu: net: vmxnet3: reading IMR registers leads to a
 crash 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is 
vulnerable to crash issue. It could occur while reading Interrupt Mask 
Registers(IMR).

A privileged(CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu 
process instance resulting in DoS.

Upstream patch:
- ---------------
   -> http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895

Reference:
- ----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1270876

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWin4rAAoJEN0TPTL+WwQf9tsP/jdNbRX2Gu5iIS69tRuYSc5x
yYWJHosD9akCxj4pZYMbrjoiQeKs7xuVrqhZnKSDzXWnHjfH8tC41s6aWRcP4qp9
xqooML+OtIAoPFq6El4iBCp7lrp70rPatY+YXfI7IhxLNF6kFoUqBrWJe+aAxMod
shL3yDKv8J+dgRIc9j36odJpTVgsIyYojRr3Bb1IwfKsHmltVNxNqzHyOPGGU02G
B1c02Gy2atxkJqRNjrdmze6A1vSlyJiXHbCQxin9BNzc9EJqYer1KdIyztyeTBD0
OLuBvEZ872iKyCqgj/qQpdKAagQPXNcOG9VREcdoOCW38GFHXNSP1/n4ZbfjsUYX
oZqLbYnm9Mwq73eIBDJxzpzqwlDQqWFzdXgcPu82KvJt+Q2/Ms718N+0euOuDVOm
5U8f2VE+0hhCvkNakdKrRq4iy9E2vJLJ5x5yYgSj35rMMAKsx3fuEU8k9a5iyeWz
dp0VqAE2ene2RnibHrlBR4XXyu20Tvmh3gdDedTj71hCSOZ2o9AgmmIRERLlCZC6
L9hnOjbNRckIF8GjP9wgEcyzn+Jv2BWzBz1Ea+UEqXlPYtNzBYDHfouRf4/7ncMK
dTscla0o8lN92phhGmKporhosP3XwydezHbawKWiBenUHWkduKFAwqtMLwRLhbeG
r7TAUzpYU9gm9WLOCGrt
=SzBR
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ