Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 9 May 2016 17:40:04 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Michael Roth <mdroth@...ux.vnet.ibm.com>,
        Peter Maydell <peter.maydell@...aro.org>,
        Gerd Hoffmann <ghoffman@...hat.com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        zuozhi.fzz@...baba-inc.com
Subject: CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow
 issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

An out-of-bounds read and integer overflow issue was reported in the Qemu 
emulator's VGA module.

Qemu VGA module allows guest to edit certain registers in 'vbe' and 'vga' 
modes. ie. guest could set certain 'VGA' registers while in 'VBE' mode. This 
leads to potential integer overflow or OOB read access issues in Qemu, 
resulting in DoS by crashing the Qemu process on the host. (Moderate)

A privileged guest user could use this flaw to crash the Qemu process on the 
host.

'CVE-2016-3712' has been assigned to this issue by Red Hat Inc. Patches are 
attached herein to help fix this issue.

This issue was discovered and reported by Zuozhi Fzz of Alibaba Inc.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXMH4cAAoJEN0TPTL+WwQfJQ8QAIskTPJjmQ5o2OMyIgTrFlTe
suLiD/qRFInd/MpgeICalqVRBzxh5FdOUJWXCoDUbogPLdZ2LmUHBXL/LyjDK01O
R118M3HYUxWGowPf5Jh+ir4/IPSZamTn0LFZAJCrwWW9dmdqcbnoClDxBm6wsDJD
4uzYmYoHogQZ4DVVL8k9kRrQ1yIkftvwoYZCXN6ToikvXcbJxJdDnc5jQ9W/ABGV
fAfJfsG1zbq2fXagfy+ChKJANse525TAKpTmTZXcZWyoE7JrIUFNFIsWWaBpuJdp
yqj+T8EF0bDz2DxJlmlILkpqg48EaEFJlKBg0jlR8/hkNyl1wgEX+Y/C7mgJd2Om
Dipwkk/G4/izUWls+IZijWeZ2Ge1ul4QG+sM0/InnYhTuyhq3Cw8E8Nt+ZOJHBKj
/KOEYYPr7/QEIC41LKVatN2W5ai6mOSkiGD6qIuIvuR3dPhz7qhFZAML/1KAooAs
QOTPxjqxuMvDUm4+KAF598WY+3UFpDeIF0LExc1bhrvEcrjlhC7ypm02d5WaOk26
wkJQ4hJcbHRs/4vp8mMkpTdz8ccjzfbz3GI1GmSsxN5EbdLW4+r8xgGXZ0o0jwpX
JJHtq1wikxab5+rgC/03oDlGcL2AtD7FvDJtcyGEl+5raDguwNrAuKZoF1cBnTVg
MDzQ2/zuFdeJbIWydjL9
=xwOS
-----END PGP SIGNATURE-----
View attachment "0005-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch" of type "text/plain" (2873 bytes)

View attachment "0004-vga-update-vga-register-setup-on-vbe-changes.patch" of type "text/plain" (948 bytes)

View attachment "0003-vga-factor-out-vga-register-setup.patch" of type "text/plain" (5241 bytes)

View attachment "0002-vga-add-vbe_enabled-helper.patch" of type "text/plain" (2163 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.