Date: Wed,  8 Jun 2016 16:49:36 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, psirt@...wei.com, liqiang6-s@....cn
Subject: Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO

> Quick Emulator (Qemu) built with the ESP/NCR53C9x controller emulation support
> is vulnerable to an OOB r/w access issue. The controller uses a 16-byte FIFO
> buffer for the information transfer. The OOB r/w occurs while reading/writing to
> this buffer in the esp_reg_read() and esp_reg_write() routines.
> 
> A privileged user inside the guest could use this flaw to crash the Qemu process,
> resulting in DoS, or potentially leverage it to execute arbitrary code with
> the privileges of the Qemu process on the host.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1343323
> https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
> http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec

Use CVE-2016-5338.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
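
The bounds check this class of bug calls for, as an added example that is not part of the original message and is not QEMU's code or the upstream fix: a constructed model of a 16-byte device FIFO whose register handlers validate the read and write indices before every access. The names fifo_model, fifo_reg_write, fifo_reg_read, replay_overlong_transfer and FIFO_SZ are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIFO_SZ 16  /* the report states a 16-byte FIFO; the name is hypothetical */

/* Hypothetical device state: guest register accesses move rptr and wptr. */
struct fifo_model {
    uint8_t  buf[FIFO_SZ];
    uint32_t rptr, wptr;  /* next byte to return / next free slot */
    uint32_t overruns;    /* rejected writes, usable as a detection counter */
};

/* Guest write to the FIFO register. An unchecked buf[wptr++] = val lets the
 * guest push wptr past the array; here a full FIFO drops and counts the byte. */
int fifo_reg_write(struct fifo_model *f, uint8_t val)
{
    if (f->wptr >= FIFO_SZ) {
        f->overruns++;
        return -1;
    }
    f->buf[f->wptr++] = val;
    return 0;
}

/* Guest read of the FIFO register. Only bytes that were actually written are
 * returned; an empty FIFO reads as 0 instead of walking rptr past the buffer. */
uint8_t fifo_reg_read(struct fifo_model *f)
{
    uint8_t val = 0;
    if (f->rptr < f->wptr && f->wptr <= FIFO_SZ) {
        val = f->buf[f->rptr++];
        if (f->rptr == f->wptr)      /* drained: rewind both pointers */
            f->rptr = f->wptr = 0;
    }
    return val;
}

/* Replays a constructed guest access pattern (20 writes, then 20 reads)
 * and returns how many writes the model refused. */
uint32_t replay_overlong_transfer(struct fifo_model *f)
{
    memset(f, 0, sizeof(*f));
    for (int i = 0; i < 20; i++) fifo_reg_write(f, (uint8_t)(0xA0 + i));
    for (int i = 0; i < 20; i++) (void)fifo_reg_read(f);
    return f->overruns;
}

int main(void) {
    struct fifo_model f;
    printf("rejected writes: %u\n", (unsigned)replay_overlong_transfer(&f));
}
```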
