Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 15 Oct 2016 12:47:23 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, psirt@...wei.com
Subject: Re: CVE request Qemu: char: divide by zero error in serial_update_parameters

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the 16550A UART emulation support is
> vulnerable to a divide by zero issue. It could occur while updating serial
> device parameters in 'serial_update_parameters'.
> 
> A privileged guest user could use this flaw to crash the Qemu process instance
> on the host, resulting in DoS.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1384909

Use CVE-2016-8669.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/char/serial.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYAlsWAAoJEHb/MwWLVhi2ZNgP/3Q2O/R4RvBqZ3ySzmRc4kBJ
KZMiY1SO+pPhKz2ogREuCqE6/ioBa9181Jcd7b+VsDXqhYLpIqvfr/gOA2QfQRJW
OS2JYBpHf36RT8CzPnSKq825UjpYLj3tObbv/BiGuIEqU0Eky79Q/sFkOqCZJZn/
vFKwuSqNtqcvD6c1fQWz5BQQhgYOqZtPNPeDvdV6AGSh7qny/wjpA57LrGqv16M+
FX5iBo0nmOB9SPPHBGIMQlXq7hIq73mnhqu6hXNqrZo9ZDEBSf+t2bRzufNi4o47
WefYhqJ/J8Sku+X28ul+BndLhmo/XYhlwXVgp4gv5I+ybEW/l+8+VZvRCyjiVmrl
DtZyp9N2FMXqueJeMk85D7Qn2v6Us1gfLjk22GfYiP9H+z+8KGbiHf8EjHj7vuCC
OFE0guEqT80ev/hAP65NAidxVxquuxEkAiu2gGDUhnImi5kBY038Df4mPju8tYIo
W5H/kFK6vzHayyF8/JZlz5XbdhMQsX3aQ51sfvgxQTkyjNJ8/ZpLVDLdQRMmDpvG
jE1QuOXaO+CNAnluwFfcGkkSA7JZw2AgVYGy8yWhHSF3eFG1YR5pf6eu+c0S+Oug
rjATBMRpPmGi9WWooDi1i/F6FkFS/wTbHyUGeNtHG8lWqAWYFjV7IGyJ4IK1CICK
3v8A+xpCXBAJY7oQbNmw
=eIjR
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ