Date: Wed, 16 Dec 2020 18:05:58 +0100 From: Mauro Matteo Cascella <mcascell@...hat.com> To: oss-security@...ts.openwall.com Cc: Alexander Bulekov <alxndr@...edu> Subject: CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c Hello, A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This flaw could lead to an out-of-bounds access of the Message Signalled Interrupt (MSI-X) table while performing MMIO operations. A privileged guest user may abuse this issue to crash the QEMU process on the host, resulting in a denial of service. Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442 This issue was reported by Alexander Bulekov (cc'd). CVE-2020-27821 was assigned by Red Hat Inc. Best regards. -- Mauro Matteo Cascella Red Hat Product Security PGP-Key ID: BB3410B0
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.