Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 26 Sep 2013 13:39:52 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: qemu host crash from within guest

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/26/2013 12:39 PM, Vincent Danen wrote:
> Could a CVE be assigned to the following?
> 
> A dangling pointer access flaw was found in the way qemu handled 
> hot-unplugging virtio devices.  This flaw was introduced by virtio 
> refactoring and exists in the virtio-pci implementation.  When the 
> virtio-blk-pci device is deleted, the virtio-blk-device is removed
> first (removal is done in post-order).  Later, the
> virtio-blk-device is accessed again, but proxy->vdev->vq is no
> longer valid (a dangling pointer) and kvm_set_ioeventfd_pio fails.
> 
> A privileged guest user could use this flaw to crash the qemu
> process on the host system, causing a denial of service to it and
> any other running virtual machines.
> 
> References:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1012633 
> http://thread.gmane.org/gmane.comp.emulators.qemu/234440
> 

Please use CVE-2013-4377 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSRI2HAAoJEBYNRVNeJnmTf28P+gIUs+th2lHuuvusTOC5bkO0
0h3MCDOMs7KwbmzUYPxi1bbBDEpVsiHlhfEgBlYQQFJ1kcTwEf3FHqos5XHaMdlf
3BSQgyTwMp79U4yt2qXW23M8PG0yaCzVSqzqfPhVxuDCuG7IebUn9gqXd9UbFOS/
41qPyMz1/NJxV7zJF3FvMxRrUMGo6q3GIdeVaSha9qYfgCU+b8x1abi/nk2ogAiH
u0U9LuKtU7E2H9DVEN7LE0HKDJlopUk+9v2ycsgO7fE8N32LEyq4DAskO7DlPU0B
Tc4MpKa9EBPt91/oWVxfIMXGo90vTluy+IZ5cuokVCV/iR6YDY17iI8z+QycLHN5
Yj7pBKKxYYcSEs8wGW79JKW6/Bh/YnzIbK5i2VMXHk2FONKl+StLmnEe2JYHdwC9
3ItlINii8YHreDKalr3m0rHODHTg0J8tjUn/540gQbmwcYICGL7bbp/yLLA6xyBt
RHJhmwkxzI8dIlJc5fD9yGIJW8915FQr6thJeXogLTMc1U1rN498QBgvPvqRjwpj
sYUMX20H2XbniVrkBvSnhy6IPVFJwa+o7MqYmvZ8o9+nLXOd4oN+cJTWUEipoJuk
0oPOmBpJhMpuokSasoVpwrFXyrQmfDLS1ZuhDcQgu5ueFMezdHQiOpbwEAOlRmyX
dxVp59HWHuMw/rjwFV7M
=Yk2H
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.