Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 12 Feb 2017 09:13:01 -0500
From: Leo Famulari <leo@...ulari.name>
To: oss-security@...ts.openwall.com
Cc: ppandit@...hat.com, cve-assign@...re.org, jiangxin1@...wei.com
Subject: Re: Re: CVE request Qemu: sd: sdhci OOB access during
 multi block SDMA transfer

On Tue, Jan 31, 2017 at 10:20:47AM -0500, cve-assign@...re.org wrote:
> > Quick emulator(Qemu) built with the SDHCI device emulation support is
> > vulnerable to an OOB heap access issue. It could occur while doing a multi
> > block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine.
> > 
> > A privileged user inside guest could use this flaw to crash the Qemu process
> > resulting in DoS or potentially execute arbitrary code with privileges of the
> > Qemu process on the host.
> > 
> > https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
> > https://bugzilla.redhat.com/show_bug.cgi?id=1417559
> 
> Use CVE-2017-5667.
> 
> This is not yet available at
> http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but
> that may be an expected place for a later update.

This commit appears to address CVE-2017-5667:

http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ