Date: Thu, 10 Sep 2015 15:25:25 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, luodalongde@...il.com
Subject: Re: CVE request Qemu: ide: divide by zero issue

> Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is
> vulnerable to a divide by zero issue. It could occur while executing an IDE
> command WIN_READ_NATIVE_MAX to determine the maximum size of a drive.
> 
> A privileged user inside guest could use this flaw to crash the Qemu instance
> resulting in DoS.
> 
> The fix disables undue IDE commands for CD-ROM drives.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html

In this case, we are assigning a CVE ID for the primary problem
statement in the msg02479.html post, i.e., the "All other commands are
illegal to send to an ATAPI device and should be rejected by the
device" statement. Use CVE-2015-6855. The divide-by-zero error is
resultant, and serves as a demonstration of how an illegal command can
have a security impact. It is conceivable that other security impacts
may be discovered later.

(not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/ide/core.c)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
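
The distinction drawn in the message above (accepting an illegal command is the primary flaw, the divide-by-zero is resultant) is shown in the following added example, which is not part of the original message and is not QEMU code. It is a simplified model: every name except WIN_READ_NATIVE_MAX is hypothetical, and the zero CHS geometry on the CD-ROM is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not QEMU source; names other than WIN_READ_NATIVE_MAX are hypothetical. */
enum drive_kind { DRIVE_HD, DRIVE_CD };
enum status { CMD_OK, CMD_ABORTED };
#define HD_OK (1u << DRIVE_HD)
#define CD_OK (1u << DRIVE_CD)
#define WIN_READ_NATIVE_MAX 0xF8   /* ATA READ NATIVE MAX ADDRESS opcode */

struct drive {
    enum drive_kind kind;
    uint32_t heads, sectors;   /* CHS geometry; assumed zero on the modelled CD-ROM */
    uint64_t nb_sectors;
};

/* Drive kinds allowed to receive each opcode; unlisted opcodes are 0 (rejected). */
static const uint8_t cmd_allowed[256] = {
    [WIN_READ_NATIVE_MAX] = HD_OK,   /* weak setting would be HD_OK | CD_OK */
};

/* Handler: converts the last LBA to a cylinder number, dividing by the geometry. */
static enum status read_native_max(const struct drive *d, uint64_t *cyl)
{
    uint32_t per_cyl = d->heads * d->sectors;
    if (per_cyl == 0 || d->nb_sectors == 0)   /* defence in depth: no division by zero */
        return CMD_ABORTED;
    *cyl = (d->nb_sectors - 1) / per_cyl;
    return CMD_OK;
}

/* Dispatcher: the permission check runs before any handler is reached. */
enum status exec_cmd(const struct drive *d, uint8_t op, uint64_t *out)
{
    if (!(cmd_allowed[op] & (1u << d->kind)))
        return CMD_ABORTED;          /* illegal for this drive kind */
    switch (op) {
    case WIN_READ_NATIVE_MAX: return read_native_max(d, out);
    default:                  return CMD_ABORTED;
    }
}

int main(void)
{
    struct drive hd = { DRIVE_HD, 16, 63, 16 * 63 * 100 };   /* constructed sample drives */
    struct drive cd = { DRIVE_CD, 0, 0, 1000 };
    uint64_t cyl = 0;
    printf("hd: %d\n", exec_cmd(&hd, WIN_READ_NATIVE_MAX, &cyl));
    printf("cd: %d\n", exec_cmd(&cd, WIN_READ_NATIVE_MAX, &cyl));
    return 0;
}
```

Rejecting at the dispatcher addresses the primary problem for every handler at once; the zero check inside the handler only covers the one resultant crash.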
