Date: Mon, 9 May 2016 17:33:28 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> cc: Michael Roth <mdroth@...ux.vnet.ibm.com>, Peter Maydell <peter.maydell@...aro.org>, Gerd Hoffmann <ghoffman@...hat.com>, Stefano Stabellini <sstabellini@...nel.org>, Qinghao Tang <luodalongde@...il.com> Subject: CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, An out-of-bounds r/w access issue was reported in the Qemu emulator's VGA module. Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. A privileged guest user could use this flaw to exceed the bank address window and write beyond the said memory area, potentially leading to arbitrary code execution with privileges of the Qemu process on a host. (Important) 'CVE-2016-3710' has been assigned to this issue by Red Hat Inc. Patch attached herein fixes this issue. This issue was discovered and reported by "Wei Xiao and Qinghao Tang of 360 Marvel Team" of 360.cn Inc. They have named this issue as - "Dark Portal" Thank you. - -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXMHyQAAoJEN0TPTL+WwQfnnIQAImX2cxVTrPmGrPwFC66di8N OIme91B7rFjFUQJ46Z+F3PmlsUsgDo9hwhg3VLOsQWeju06+C6fTV01dNvxL88re mE7S5uQTRwOs9tR/ojxIYlwq6FnPek4yISRo9VsiQi/d8QD4+IPxg4mRH6nP9O4M g9pYQrHAdKCGBsMmHUnIXJ5xamKO0oZMqJOfzZZUfZCDU3cy1p6pN6f2FVdgm7il 5/A5YJpC3Qvz9AM8DZ2jJOrEXMqIGucjt5fggOTzq3eNely6+Q1EV4i96+U08PrM TeQqwNC1hEVSISpOKTM3V43XPnjpbbyb7SOMy2W4CCUq/NZTAQP9+HGzwarZ4IrF xeVqJyyT9zewPRBuQX7XpG6cgKpHP3RuS4cYprMLccugd9fvYire7adRGeGfO25c Rk3q1uSYWD4PkqalyprpjhXi85hQg2YbHRbc4Mjf1LAVExBYHoKb0vtZ0KnUXZTh 4h9HYPH1NnVKConQFXtSVEkcBgTAOtgKgHjDM/rZ0xNPnKsi4yVmJhBqSpmZ5c4b VsnIggSpL0MtcDePKZN028a4bbkxdHUUCuADkBuNZSc5siBhzWFysO2CD5GaU7Qv ZWV1IkxXbyZUXGgTzASvrsLtyXmBrB8EfQivZc2nVJCO3fHS1vGMPz6ccNKmRVnQ T5mRyogkCnGI6B/lY8nj =zy94 -----END PGP SIGNATURE----- View attachment "0001-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch" of type "text/plain" (4450 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ