Message-ID: <52448D88.20303@redhat.com>
Date: Thu, 26 Sep 2013 13:39:52 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: qemu host crash from within guest

On 09/26/2013 12:39 PM, Vincent Danen wrote:
> Could a CVE be assigned to the following?
>
> A dangling pointer access flaw was found in the way qemu handled
> hot-unplugging virtio devices. This flaw was introduced by virtio
> refactoring and exists in the virtio-pci implementation. When the
> virtio-blk-pci device is deleted, the virtio-blk-device is removed
> first (removal is done in post-order). Later, the
> virtio-blk-device is accessed again, but proxy->vdev->vq is no
> longer valid (a dangling pointer) and kvm_set_ioeventfd_pio fails.
>
> A privileged guest user could use this flaw to crash the qemu
> process on the host system, causing a denial of service to it and
> any other running virtual machines.
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1012633
> http://thread.gmane.org/gmane.comp.emulators.qemu/234440
>

Please use CVE-2013-4377 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
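The teardown-ordering problem described in the quoted report, as an added example that is not part of the original message and is not QEMU code. It is a constructed model: the struct and function names are hypothetical, and the child's storage is flagged rather than freed so the stale access can be observed safely next to a hardened ordering.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model; every name here is hypothetical, not QEMU's own. */
struct vdev  { int nvq; bool freed; };                   /* child, owns the queues */
struct proxy { struct vdev *vdev; bool ioeventfd_on; };  /* PCI parent             */

/* Parent-side cleanup that walks the child's queues. Returns 0 on success,
 * -1 when it would have dereferenced a child that is already gone. */
static int proxy_stop_ioeventfd(struct proxy *p)
{
    if (!p->ioeventfd_on)
        return 0;                      /* nothing registered, nothing to do */
    if (p->vdev == NULL || p->vdev->freed)
        return -1;                     /* in a real process: dangling read  */
    /* ... deassign one notifier per queue (p->vdev->nvq of them) ... */
    p->ioeventfd_on = false;
    return 0;
}

/* The model keeps the storage alive and only flags it, so the stale access
 * can be observed without undefined behaviour. */
static void vdev_remove(struct vdev *d) { d->freed = true; }

/* Ordering from the report: child removed first, parent cleans up later. */
static int unplug_post_order(struct proxy *p)
{
    vdev_remove(p->vdev);              /* p->vdev now dangles               */
    return proxy_stop_ioeventfd(p);    /* parent still reaches through it   */
}

/* Hardened ordering: release everything that uses the child while it is
 * still valid, then remove it and clear the parent's pointer. */
static int unplug_quiesce_first(struct proxy *p)
{
    int rc = proxy_stop_ioeventfd(p);
    vdev_remove(p->vdev);
    p->vdev = NULL;
    return rc ? rc : proxy_stop_ioeventfd(p);  /* late cleanup is a no-op   */
}

int main(void)
{
    struct vdev a = { 1, false }, b = { 1, false };
    struct proxy pa = { &a, true }, pb = { &b, true };
    printf("post-order unplug: %d\n", unplug_post_order(&pa));
    printf("quiesce-first unplug: %d\n", unplug_quiesce_first(&pb));
    return 0;
}
```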