Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 18 Jan 2017 11:36:50 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<liqiang6-s@....cn>
Subject: Re: CVE request Qemu: audio: memory leakage in es1370 device

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] Quick Emulator(Qemu) built with the ES1370 audio device emulation support is
> vulnerable to a memory leakage issue. It could occur while doing a device
> unplug operation; Doing so repeatedly would result in leaking host memory,
> affecting other services on the host.
> 
> A privileged user inside guest could use this flaw to cause a DoS and/or
> potentially crash the Qemu process on the host.
> 
> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1414209
> http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da

Use CVE-2017-5526 for this (i.e., a memory consumption issue, not an
information disclosure issue).

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYf5h4AAoJEHb/MwWLVhi2em4P/1KkgoHvZ6YoAHAjNTBDT4A3
3dnuGXztJxMWal2PD92HA7CLCFxalqtIn6Xjs3I6a6FIcYjQ3SZpByTLb/8qOBPa
waoDJJ3LLgErTZnUyQhUbNrS/zNNZkYAYjx2W6/OfgukaEQviZ3RsVYG58EUPqmi
HZli1xdiqKnB7D/8Wa26XjVx2bxJK4npGK51zx8SDDqEmk99BGaJjYJhEJbBSMbl
6L5u0Epw94I+JGpFo+qoCWJZ2n8Zhn22yNCMS1fsiqWkjhHF0EPlR/h/nZrfh/Yt
CUnyQN6LBJXB/L9xQ09tnSNYpTb1AoyB5DtPZxz+uytP8TpboeexhbLA1Qv5MLH7
q2zBJwyl7HIeNqWtgnQ7PQdVCrVSRjDgWwkvAEM6QbtxD3eIIXF9REKApsHdl5om
kd90UocZmLNDZEiTZ8ATaDJnrotPyi0F+4YNEyA30F4j2eiZpVv4ndoGFOQ7UF9Y
64InaVmTmHNosBCDw1FTysuNeVPKXaZ8hc7XlL0zWAYaga/1Skr8DpTFwOVF1r6d
NjsV/8QQETHUslEm6T/Xo9TXPytchlonkc4+ZGd4eodjrEYxYnOCS7XbLG2z3+Xf
LpBv1rKtt7ybp1GdVb/DaiVZO1oEMCDfJbza6z8gDXqB6+f53vnNb8x9UulmlpT0
GQ6KSrEdRU6cR9koa1zT
=vGTC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ