Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 25 Jan 2017 03:42:16 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<liqiang6-s@....cn>
Subject: Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the 16550A UART serial device emulation
> support is vulnerable to a memory leakage issue. It could occur while doing a
> device unplug operation; Doing so repeatedly would result in leaking host
> memory, affecting other services on the host.
> 
> A privileged user inside guest could use this flaw to cause a DoS and/or
> potentially crash the Qemu process on the host.
> 
> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01945.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1416157
> http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b

Use CVE-2017-5579.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYiGO9AAoJEHb/MwWLVhi2pMwQAJ8+hQLeRu4ralJGGyn9AL2t
wmUkA4A/QH5e1MjsxFoiFOICw691NlmXYk3kEGlK8VMJsRRXQv82N4IboniW1X42
tTu7+ovYK4FCgsngX0r15gxFHe7AoyYQ0RpCQm/ugUe1IdQbLLIK2B5tAOxArCFx
pac/+/Av6JK0gP+C9Fc3HYP8Rm0VWYf8DqDcK+ndrIlet0Y/G2BDTrO+vm3R2Yos
LrT1qfMScVUhqmGZrVVLyB2B4wMHRYOdWmECN7c3owwrpWc3zHG5NetwyjWBMGRy
yyJ5u1x+7FbPIDn4mq2bTqJY9/3Gq2AqA60bTJdu2sbTp78hI+4xqBeRrTwpQtIN
nCVoyAXhcbPJMXy0vbpkOwaH3LuMg/SWJpsC3wyjxwxYwldkvvuYzkrS6YyAesPz
rTPG341iFHowh3XrR3WmZGE52l/IZU2iXJjeXKxoO4hjjpgIdP4e+oXTNxm1Jweu
EMjepn3hzICKPCfhrAlUV7a+k9ukGjlSguudMFmceImd3nxqoVp2uBCB58Ft5nfn
0amrCFUsFgv5xVABrWAX6WR+2EjygEjmRhTeW7ItL1mMQpZElD7k4NeARNiUnhve
+W5/fQPuNAMK79iYKkmRgbYYxBqD9XFGH3N8VscQ+mRz4nl5YkTUNlSQcA20+AcV
Pc5WY/s2U82JKsjWc67Y
=DDIw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ