Date: Sun, 12 Feb 2017 09:13:01 -0500 From: Leo Famulari <leo@...ulari.name> To: oss-security@...ts.openwall.com Cc: ppandit@...hat.com, cve-assign@...re.org, jiangxin1@...wei.com Subject: Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer On Tue, Jan 31, 2017 at 10:20:47AM -0500, cve-assign@...re.org wrote: > > Quick emulator(Qemu) built with the SDHCI device emulation support is > > vulnerable to an OOB heap access issue. It could occur while doing a multi > > block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine. > > > > A privileged user inside guest could use this flaw to crash the Qemu process > > resulting in DoS or potentially execute arbitrary code with privileges of the > > Qemu process on the host. > > > > https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html > > https://bugzilla.redhat.com/show_bug.cgi?id=1417559 > > Use CVE-2017-5667. > > This is not yet available at > http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but > that may be an expected place for a later update. This commit appears to address CVE-2017-5667: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9 Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.