Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20170212141301.GA7814@jasmine>
Date: Sun, 12 Feb 2017 09:13:01 -0500
From: Leo Famulari <leo@...ulari.name>
To: oss-security@...ts.openwall.com
Cc: ppandit@...hat.com, cve-assign@...re.org, jiangxin1@...wei.com
Subject: Re: Re: CVE request Qemu: sd: sdhci OOB access during
 multi block SDMA transfer

On Tue, Jan 31, 2017 at 10:20:47AM -0500, cve-assign@...re.org wrote:
> > Quick emulator(Qemu) built with the SDHCI device emulation support is
> > vulnerable to an OOB heap access issue. It could occur while doing a multi
> > block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine.
> > 
> > A privileged user inside guest could use this flaw to crash the Qemu process
> > resulting in DoS or potentially execute arbitrary code with privileges of the
> > Qemu process on the host.
> > 
> > https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
> > https://bugzilla.redhat.com/show_bug.cgi?id=1417559
> 
> Use CVE-2017-5667.
> 
> This is not yet available at
> http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but
> that may be an expected place for a later update.

This commit appears to address CVE-2017-5667:

http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.