Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 9 May 2016 17:40:04 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Michael Roth <mdroth@...ux.vnet.ibm.com>,
        Peter Maydell <peter.maydell@...aro.org>,
        Gerd Hoffmann <ghoffman@...hat.com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        zuozhi.fzz@...baba-inc.com
Subject: CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow
 issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

An out-of-bounds read and integer overflow issue was reported in the Qemu 
emulator's VGA module.

Qemu VGA module allows guest to edit certain registers in 'vbe' and 'vga' 
modes. ie. guest could set certain 'VGA' registers while in 'VBE' mode. This 
leads to potential integer overflow or OOB read access issues in Qemu, 
resulting in DoS by crashing the Qemu process on the host. (Moderate)

A privileged guest user could use this flaw to crash the Qemu process on the 
host.

'CVE-2016-3712' has been assigned to this issue by Red Hat Inc. Patches are 
attached herein to help fix this issue.

This issue was discovered and reported by Zuozhi Fzz of Alibaba Inc.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXMH4cAAoJEN0TPTL+WwQfJQ8QAIskTPJjmQ5o2OMyIgTrFlTe
suLiD/qRFInd/MpgeICalqVRBzxh5FdOUJWXCoDUbogPLdZ2LmUHBXL/LyjDK01O
R118M3HYUxWGowPf5Jh+ir4/IPSZamTn0LFZAJCrwWW9dmdqcbnoClDxBm6wsDJD
4uzYmYoHogQZ4DVVL8k9kRrQ1yIkftvwoYZCXN6ToikvXcbJxJdDnc5jQ9W/ABGV
fAfJfsG1zbq2fXagfy+ChKJANse525TAKpTmTZXcZWyoE7JrIUFNFIsWWaBpuJdp
yqj+T8EF0bDz2DxJlmlILkpqg48EaEFJlKBg0jlR8/hkNyl1wgEX+Y/C7mgJd2Om
Dipwkk/G4/izUWls+IZijWeZ2Ge1ul4QG+sM0/InnYhTuyhq3Cw8E8Nt+ZOJHBKj
/KOEYYPr7/QEIC41LKVatN2W5ai6mOSkiGD6qIuIvuR3dPhz7qhFZAML/1KAooAs
QOTPxjqxuMvDUm4+KAF598WY+3UFpDeIF0LExc1bhrvEcrjlhC7ypm02d5WaOk26
wkJQ4hJcbHRs/4vp8mMkpTdz8ccjzfbz3GI1GmSsxN5EbdLW4+r8xgGXZ0o0jwpX
JJHtq1wikxab5+rgC/03oDlGcL2AtD7FvDJtcyGEl+5raDguwNrAuKZoF1cBnTVg
MDzQ2/zuFdeJbIWydjL9
=xwOS
-----END PGP SIGNATURE-----
View attachment "0005-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch" of type "text/plain" (2873 bytes)

View attachment "0004-vga-update-vga-register-setup-on-vbe-changes.patch" of type "text/plain" (948 bytes)

View attachment "0003-vga-factor-out-vga-register-setup.patch" of type "text/plain" (5241 bytes)

View attachment "0002-vga-add-vbe_enabled-helper.patch" of type "text/plain" (2163 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ