Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 18 Jan 2017 11:35:22 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<liqiang6-s@....cn>
Subject: Re: CVE request Qemu: audio: memory leakage in ac97 device

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] Quick Emulator(Qemu) built with the ac97 audio device emulation support is
> vulnerable to a memory leakage issue. It could occur while doing a device
> unplug operation; Doing so repeatedly would result in leaking host memory,
> affecting other services on the host.
> 
> A privileged user inside guest could use this flaw to cause a DoS and/or
> potentially crash the Qemu process on the host.
> 
> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
> http://git.qemu.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401

Use CVE-2017-5525 for this (i.e., a memory consumption issue, not an
information disclosure issue).

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYf5h/AAoJEHb/MwWLVhi23fIP/0fuLRdLp9NZ5o5pn6LmGfEX
dENdnZplDoWUTCRSkDPVW5tNDT/Ksz+OyQ45jhmAgyGjZgMKCkg8xErRoOe9M24+
i2Er+2jeoR1TNaFmmPf2oakdEhU5IBtEj9LhJHq2CqvtNtscf2TOFi5LAzXKmaeM
MoO43kn0OX8LlWn8CuHy5LpXAXVjVl0JG1D1+koKQFjKMnSfxCGmgePZHMIwSFIO
FEYgLTC03l65YmzSrd20exYMua4fNgLq2KC9cR/29TM5YuT9flr/n13sS2oQcCs1
QIxgvlOhMh9B1JKK14aZvPpRELHRnJcDBSq4dFSPxYb1yqC5d+9VvksyzJ4sK+uX
3WuDCddLgFPHgQHAVfkkvD8hCpGEjjCJbtfLdar1NGwPgWjkBLgdgljpEToVUXOU
KqkgEl3ZwoEc/dY0bndvoRy5ttEDGjWpZpGNrmF7jSLXVFOZrJ3QEtyj8uieH2v1
ugvg2RYPb7ucAZssUe3hFOOj8mprIrTAkKoPs7HI7+r8ECsh1DXdKzo2J8awp/87
7/7X/TVbVgVgXLAf9W1HYmnIZXX68ryAvfjfb7lvTJYV6LMsv++XmIuwkYh6/O9y
OcfBV9TkMzPtoLNnh6cOFBzQphVwS5slC/cjSkT08ppubh9hOLFiu+VaWeLtcq59
dMKgDbKn6VcQhjxWKqg1
=6yzY
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ