Mailinglist Archive: opensuse-bugs (4246 mails)

< Previous Next >
[Bug 1021129] New: VUL-0: kvm: qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 20 Jan 2017 15:34:46 +0000
  • Message-id: <bug-1021129-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1021129


Bug ID: 1021129
Summary: VUL-0: kvm: qemu: watchdog: memory leakage in virtual
hardware watchdog wdt_i6300esb
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: KVM
Assignee: kvm-bugs@xxxxxxxxxxxxxxxxxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/155
==============================================
Hello,

Quick Emulator(Qemu) built with the virtual hardware watchdog 'wdt_i6300esb'
support is vulnerable to a memory leakage issue. It could occur while doing a
device unplug operation; Doing so repeatedly would result in leaking host
memory, affecting other services on the host.


A privileged user inside guest could use this flaw to cause a DoS and/or
potentially crash the Qemu process on the host.


Upstream patch:
---------------
-> https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html

Reference:
----------
-> https://bugzilla.redhat.com/show_bug.cgi?id=1415199

This issue was reported by Mr Li Qiang of 360.cn Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
==============================================

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
This Thread
  • No further messages