Date: Sun, 10 Sep 2017 21:54:31 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: David Buchanan <d@...buchanan.co.uk>, Michael Tokarev <mjt@....msk.ru> Subject: Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update Hi! On Wed, Aug 30, 2017 at 03:34:51PM +0530, P J P wrote: > Hello, > > Quick emulator(Qemu) built with the VGA display emulator support is > vulnerable to an assert failure issue. It could occur while updating > graphics display, due to miscalculating region for dirty bitmap snapshot in > split screen mode. > > A privileged user/process inside guest could use this flaw to crash the Qemu > process on the host resulting in DoS. > > Upstream patch: > --------------- > -> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html > > Reference: > ---------- > -> https://bugzilla.redhat.com/show_bug.cgi?id=1486588 > > This issue was reported by David Buchanan. Can you clarify the affected versions? I noticed while looking at the above, that MITRE description mentions "Qemu 2.8.0 through 2.9.0". I perfectly realize those does not come from the above. As far as I can see, e.g. cpu_physical_memory_snapshot_get_dirty was only introduced in v2.10.0-rc0. The upstream commit associated with the above issue is: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d which fixes https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72 introducing the use of dirty bitmap snapshots in vga_draw_graphic(). Do I miss something makeing it affecting as well earlier versions than 2.10? Regards and thanks already for your help, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ