Date: Tue, 9 Jun 2020 10:58:08 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> cc: Eric Blake <eblake@...hat.com>, Xueqiang Wei <xuwei@...hat.com> Subject: CVE-2020-10761 QEMU: nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client Hello, Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support is vulnerable to a crash via assertion failure. It could occur when a nbd-client sends a spec-compliant request that is near the boundary of the maximum permitted length. A remote user/process could use this flaw to crash the qemu-nbd server resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html Issue introduced since QEMU v4.2 -> https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af server: - Adjust things to allow full 4k name limit rather than previous 256 byte limit - It allowed nbd-client to send longer (>256 bytes) export names This issue was reported by Eric Blake and Xueqiang Wei of Red Hat Inc. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.