Date: Mon, 9 May 2016 17:33:28 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Michael Roth <mdroth@...ux.vnet.ibm.com>,
        Peter Maydell <peter.maydell@...aro.org>,
        Gerd Hoffmann <ghoffman@...hat.com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        Qinghao Tang <luodalongde@...il.com>
Subject: CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue


    Hello,

An out-of-bounds r/w access issue was reported in the Qemu emulator's VGA 
module.

The Qemu VGA module allows banked access to video memory using the window at
0xa00000, and it supports different access modes with different address
calculations. A privileged guest user could use this flaw to exceed the bank
address window and write beyond the said memory area, potentially leading to
arbitrary code execution with privileges of the Qemu process on a host.
(Important)

'CVE-2016-3710' has been assigned to this issue by Red Hat Inc. The patch
attached herein fixes this issue.

This issue was discovered and reported by "Wei Xiao and Qinghao Tang of 360 
Marvel Team" of 360.cn Inc.

They have named this issue "Dark Portal".

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

View attachment "0001-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch" of type "text/plain" (4450 bytes)
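
The following is a simplified model of the bug class the advisory describes, added here as an illustration; it is not QEMU's code and not the attached patch. The mode names, sizes and address transforms are assumptions chosen to show why a bounds check must be applied to the final, mode-transformed address rather than to the bank offset plus window offset.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model for illustration; names and sizes are assumptions,
 * not QEMU's own code. */
#define VRAM_SIZE   (256u * 1024u)   /* constructed video memory size */
#define WINDOW_SIZE (64u * 1024u)    /* constructed banked window size */

enum access_mode { MODE_BYTE, MODE_ODD_EVEN, MODE_PLANAR };

struct vga_model {
    uint32_t bank_offset;            /* programmed by the guest */
    enum access_mode mode;           /* programmed by the guest */
};

static uint8_t vram[VRAM_SIZE];

/* Insufficient: validates the address before the mode transforms it. */
bool naive_in_bounds(const struct vga_model *s, uint32_t win_off)
{
    return (uint64_t)s->bank_offset + win_off < VRAM_SIZE;
}

/* Maps a window offset to the VRAM byte index the mode actually touches.
 * Returns false if any touched byte would lie outside vram[]. */
bool vga_translate(const struct vga_model *s, uint32_t win_off, size_t *idx)
{
    if (win_off >= WINDOW_SIZE)
        return false;
    uint64_t addr = (uint64_t)s->bank_offset + win_off; /* no 32-bit wrap */
    uint64_t first = addr, len = 1;
    if (s->mode == MODE_ODD_EVEN)
        first = ((addr & ~1ull) << 1) | (addr & 1);
    else if (s->mode == MODE_PLANAR) {
        first = addr * 4;            /* one 32-bit word per address */
        len = 4;
    }
    if (first + len > VRAM_SIZE)
        return false;
    *idx = (size_t)first;
    return true;
}

/* Guest write through the window; out-of-range accesses are dropped. */
bool vga_write8(const struct vga_model *s, uint32_t win_off, uint8_t val)
{
    size_t idx;
    if (!vga_translate(s, win_off, &idx))
        return false;
    vram[idx] = val;
    return true;
}
```

In this model, a bank offset of 128 KiB passes the naive check in every mode, yet in the planar mode the same access resolves to byte 512 KiB, twice the size of the buffer; only the check on the transformed address rejects it.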
