Date: Sun, 12 Feb 2017 09:13:01 -0500 From: Leo Famulari <leo@...ulari.name> To: oss-security@...ts.openwall.com Cc: ppandit@...hat.com, cve-assign@...re.org, jiangxin1@...wei.com Subject: Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer On Tue, Jan 31, 2017 at 10:20:47AM -0500, cve-assign@...re.org wrote: > > Quick emulator(Qemu) built with the SDHCI device emulation support is > > vulnerable to an OOB heap access issue. It could occur while doing a multi > > block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine. > > > > A privileged user inside guest could use this flaw to crash the Qemu process > > resulting in DoS or potentially execute arbitrary code with privileges of the > > Qemu process on the host. > > > > https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html > > https://bugzilla.redhat.com/show_bug.cgi?id=1417559 > > Use CVE-2017-5667. > > This is not yet available at > http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but > that may be an expected place for a later update. This commit appears to address CVE-2017-5667: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ