Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 30 Oct 2016 15:44:13 -0400
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<liqiang6-s@....cn>
Subject: Re: CVE request Qemu: memory leakage in v9fs_link

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9
> File System(9pfs) support, is vulnerable to a memory leakage issue. It could
> occur when calling v9fs_link call.
> 
> A privileged user inside guest could use this flaw to leak the host memory
> bytes resulting in DoS for other services.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
> http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c

>> it doesn't put the 'oldfidp'
>> fid object, this will make the 'oldfidp->ref' never reach to 0

Use CVE-2016-9105.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYFkuHAAoJEHb/MwWLVhi2DMAQAIO5vFhKXH1jUOmYSL9U28Ll
7zekNnjjaInS3IUqygdo9awZVAHmPS93yW3oJJ0jkwYU/TDUtEqDVjLrlylvCfww
OCJFxc6N8bkgRl8XHmSnON0jehx9Gsm7JbM8u6yYYpmEKR6CEawFzO8nT2wBt0SD
zgxurZJ8R7WCIcrhBtVBFECI7HGMnyS3XXx/p4Brd4Tv+oFCFHKaV4a9jZY8fmIq
2Vw9bxLRLNnGLY61GRJNOEk1z836jeeH/S2Ey4vPMDzwRiHd0izXykscMHdVFb/9
vQ+gzOt2VATieZJxRV7JywxLkDf9ZWqRNeIonW4LfZl+acO/lrTWPZZXmIz/JUSy
U6/63ksgKrOMcPlRCStX+GmB5fXQ4BZnTQRW5q2pkYtsoL11KsszoQmSDs/9ou0/
Xm6Duj0UfJGqrUcei8IS01nXSPk+sfnLSyfELe/QxTbd7wHoogjj0L5sdfaTDdDk
JL/STIuVvsJSehH7LwmBC1//xhTUhWf2h+W2W5I43pvgBGvArBtipY0Pr6Gi/k2Q
Uuqc1ZgFtyM70umJRTblBzuiEPAWtExZoTPWfQXmTYHHRqWl+kKZ7no3oMNrDOYl
FbQVdWhUw0lfdyfICJ7U1lW4AiCpNjCs0w2KMT2MEz0OrPpCMQkJaf9swdWdH/Q7
8ygJtNKg5QpmODGyq2Pv
=4oL2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ