Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 12 Feb 2017 09:13:01 -0500
From: Leo Famulari <>
Subject: Re: Re: CVE request Qemu: sd: sdhci OOB access during
 multi block SDMA transfer

On Tue, Jan 31, 2017 at 10:20:47AM -0500, wrote:
> > Quick emulator(Qemu) built with the SDHCI device emulation support is
> > vulnerable to an OOB heap access issue. It could occur while doing a multi
> > block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine.
> > 
> > A privileged user inside guest could use this flaw to crash the Qemu process
> > resulting in DoS or potentially execute arbitrary code with privileges of the
> > Qemu process on the host.
> > 
> >
> >
> Use CVE-2017-5667.
> This is not yet available at
>;a=history;f=hw/sd/sdhci.c but
> that may be an expected place for a later update.

This commit appears to address CVE-2017-5667:;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ