Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 16 Feb 2016 13:16:17 -0500 (EST)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, luodalongde@...il.com
Subject: Re: CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Qemu emulator built with the USB Net device emulation support is vulnerable to
> a NULL pointer dereference issue. It could occur while processing remote NDIS
> control message packets, when the USB configuration descriptor object is null.
> 
> A privileged user inside guest could use this flaw to crash the Qemu process
> instance resulting in DoS.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1302299

>> When processing remote NDIS control message packets, the USB Net
>> device emulator checks to see if the USB configuration descriptor
>> object is of RNDIS type(2). But it does not check if it is null,
>> which leads to a null dereference error. Add check to avoid it.

Use CVE-2016-2392.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/usb/dev-network.c but
that may be an expected place for a later update.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWw2azAAoJEL54rhJi8gl5P9kP/Rs4ZAE8ZXhvH4ToA3otZhpg
wAh8ottOV8upMXJbpvsAorv3GNZ8mhV54fda4PUACFFO7sBt6vC8TU+9jy8r9Ey2
4anpNmRyEh7Dhb5DayV5SAIst5scurFfjM6xRiLq2TYkYTDsgV/hwG3a5h1gQ9yn
VyrmPpSkQi5RFU74HWn0ZAfFa+/ohsClTEy6pWORNtznzd2Ie5Pzwunjda3Wofxc
cGr+xfh+pFUTIFhyWL1E6N1aoRaj7eYjB/b+23qKo6uAjgYYg9KB4WkbblUSMvOM
J5Tin3cbQI8E5EAe5N0oR5KKDYrmsSL6LxUnl+kctnxg19M35jSAWm6Mb9z7X/wn
b1q6PZ1/P1PegIheyaI8SwmJGJpB7s1uaanPPQEWuF9IdmDUoacBKcuSHZgHfBaJ
R4EQ7gpomp7+pEva4HxRuRPHFyrY8Cc9fZaPig8Oz3SwlhkcJEcREqgxzWEUE/K4
6gMdIPWQ3x/trX+Q+FbG0sdcPJ3kEXVVqdxcNAFk8A3oiWYptNAWVUWzKZQlk4tY
SbaMcp3T6ZBdv5d3v2jI6Au3ReZrJsfpslcYZ+57QXvaxGdkfa/eIe6irPWHUt7c
F2qVi29w7MN9KLzs4VYsu11Yu4dWFlfui4/BGJF0uFGn3V++nXnmA/5fPzmKcn2G
FJMS80TAffgwEurUNih2
=XXSy
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ