Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 30 May 2016 19:14:11 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the Block driver for iSCSI images(virtio-blk)
> support is vulnerable to a heap buffer overflow flaw. It could occur while
> processing iSCSI asynchronous I/O ioctl(2) calls.

> A user inside guest could use this flaw to crash the Qemu process resulting in
> DoS OR potentially leverage it to execute arbitrary code with privileges of
> the Qemu process on the host.

> https://bugzilla.redhat.com/show_bug.cgi?id=1340924
> https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html

>> at least in the path via virtio-blk the maximum size is not
>> restricted.

Use CVE-2016-5126.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=block/iscsi.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXTMkCAAoJEHb/MwWLVhi24uQQAJ4N5kMcseYpiFJFYmP8Ytmy
itkiZjCmNUWkPJqyIcYXCPK4Ro50yVRVenEem/9sgD9gRIQ+3qfTzEHKSnOqBAd8
s4cVhhqse3hY9JIk4x+Bt/p75siub51ulE00X2joAdcJZJsWqZpzW/luYUjaiuV7
7tWJ7PMZONe49nsc5mOe4c04QusPDCLyLXcVLKVKdthqQVp3vdWT/0i8GnvuTtQg
2kNOCRogxxZMHQnp5MwfujZ+BnwiHhMNgbaaM+LBou0eNhmST8AVwFAjRL4s0zeK
MguYFDQLocCFgHKGFolNY6536Sdh4s3tj3omN3gniZMhxtqNkOrJGcPV1Mti8UUU
sbbDyPrt/d63GIvBYNUNNWlE9rRsmnFn5pIhG30sLIdXOKNnK2RZO0mnQBBlXbUr
IrE0WCe4r6sLjL9BDcJPqteODgpM+8MQIHwTdUuTKT9/NWy2DRw14msNph9QYZFa
BjQQ8XrdbOrPqNO6awSax8ooUp9ZbqI3Blb5CYPgDRTslBdR85G9qzziEs7Yb9m2
Eb0LpZAuvCuye8iC2Maa116MrNXigMTMFt0hTBCvkLDFmhLmSbtY3DbIckTMErJN
F1H3iTFAIHdN9bOc185TZIGyYOSgfnAIEMEAk77Miajy2I9daKb6h6jU/mGeSuLs
EtF3PrQSiMjrSTr6a52D
=ZB0r
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.