Date: Sun, 10 Sep 2017 21:54:31 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: David Buchanan <d@...buchanan.co.uk>, Michael Tokarev <mjt@....msk.ru> Subject: Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update Hi! On Wed, Aug 30, 2017 at 03:34:51PM +0530, P J P wrote: > Hello, > > Quick emulator(Qemu) built with the VGA display emulator support is > vulnerable to an assert failure issue. It could occur while updating > graphics display, due to miscalculating region for dirty bitmap snapshot in > split screen mode. > > A privileged user/process inside guest could use this flaw to crash the Qemu > process on the host resulting in DoS. > > Upstream patch: > --------------- > -> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html > > Reference: > ---------- > -> https://bugzilla.redhat.com/show_bug.cgi?id=1486588 > > This issue was reported by David Buchanan. Can you clarify the affected versions? I noticed while looking at the above, that MITRE description mentions "Qemu 2.8.0 through 2.9.0". I perfectly realize those does not come from the above. As far as I can see, e.g. cpu_physical_memory_snapshot_get_dirty was only introduced in v2.10.0-rc0. The upstream commit associated with the above issue is: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d which fixes https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72 introducing the use of dirty bitmap snapshots in vga_draw_graphic(). Do I miss something makeing it affecting as well earlier versions than 2.10? Regards and thanks already for your help, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.