Mailinglist Archive: opensuse-bugs (4258 mails)

< Previous Next >
[Bug 1022541] New: VUL-0: kvm: qemu: sd: sdhci OOB access during multi block SDMA transfer
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 30 Jan 2017 11:30:36 +0000
  • Message-id: <bug-1022541-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1022541


Bug ID: 1022541
Summary: VUL-0: kvm: qemu: sd: sdhci OOB access during multi
block SDMA transfer
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/231
=============================================
Hello,

Quick emulator(Qemu) built with the SDHCI device emulation support is
vulnerable to an OOB heap access issue. It could occur while doing a multi
block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine.


A privileged user inside guest could use this flaw to crash the Qemu process
resulting in DoS or potentially execute arbitrary code with privileges of the
Qemu process on the host.


Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html

Reference:
----------
-> https://bugzilla.redhat.com/show_bug.cgi?id=1417559

This issue was reported by Jiang Xin of Huawei PSIR team.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
=============================================

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
This Thread
  • No further messages