Date: Wed,  8 Jun 2016 16:44:44 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, liqiang6-s@....cn
Subject: Re: CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info


> Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
> emulation support is vulnerable to an information leakage issue. It could
> occur while processing MegaRAID Firmware Interface(MFI) command to read device
> control information in 'megasas_ctrl_get_info'.
> 
> A privileged user inside guest could use this flaw to leak host memory bytes.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1343909
> https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
> http://git.qemu.org/?p=qemu.git;a=commit;h=844864fbae66935951529408831c2f22367a57b6

>> While reading information via 'megasas_ctrl_get_info' routine,
>> a local bios version buffer isn't null terminated. Add the
>> terminating null byte to avoid any OOB access.

Use CVE-2016-5337.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
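
The bug class named in the quoted report (a local version buffer left without a terminating null byte and then handled as a string), shown as an added illustration that is not QEMU's code and not part of the original message. The buffer sizes, the frame layout, the sample version string and all function names are assumptions; the neighbouring bytes are modelled inside one array so the program stays well-defined.

```c
#include <stdio.h>
#include <string.h>

#define BIOSVER_LEN 32   /* assumed size of the local version buffer */
#define FRAME_LEN   64   /* constructed frame: buffer plus neighbouring bytes */
#define FIELD_LEN   48   /* assumed size of the reply field returned to the guest */

/* Constructed 31-character version string (not a real firmware value). */
static const char SAMPLE_VERSION[] = "CONSTRUCTED-BIOS-VERSION-000001";

/* Build the modelled frame: stale bytes everywhere ('S' stands in for leftover
 * host memory), then 31 version bytes copied into the 32-byte buffer.
 * Without the fix, byte 31 is never written and keeps its stale value. */
static void build_frame(char frame[FRAME_LEN], int terminate)
{
    memset(frame, 'S', FRAME_LEN);
    memcpy(frame, SAMPLE_VERSION, BIOSVER_LEN - 1);
    if (terminate)
        frame[BIOSVER_LEN - 1] = '\0';   /* the fix: add the terminating null byte */
}

/* Copy the version into the reply field as a string: the length comes from
 * scanning for a NUL, not from the buffer size. The scan is capped at the
 * frame so this model never leaves its own array. */
static size_t copied_len(int terminate)
{
    char frame[FRAME_LEN], reply[FIELD_LEN];
    size_t n = 0;

    build_frame(frame, terminate);
    while (n < FIELD_LEN - 1 && n < FRAME_LEN && frame[n] != '\0') {
        reply[n] = frame[n];
        n++;
    }
    reply[n] = '\0';
    return n;
}

/* Bytes in the reply that came from beyond the version data. */
static size_t leaked_bytes(int terminate)
{
    size_t n = copied_len(terminate);
    return n > BIOSVER_LEN - 1 ? n - (BIOSVER_LEN - 1) : 0;
}

int main(void)
{
    printf("unterminated: %zu bytes copied, %zu stale\n", copied_len(0), leaked_bytes(0));
    printf("terminated:   %zu bytes copied, %zu stale\n", copied_len(1), leaked_bytes(1));
    return 0;
}
```
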
