Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 Sep 2017 21:54:31 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: David Buchanan <d@...buchanan.co.uk>, Michael Tokarev <mjt@....msk.ru>
Subject: Re: CVE-2017-13673 Qemu: vga: reachable assert
 failure during during display update

Hi!

On Wed, Aug 30, 2017 at 03:34:51PM +0530, P J P wrote:
>   Hello,
> 
> Quick emulator(Qemu) built with the VGA display emulator support is
> vulnerable to an assert failure issue. It could occur while updating
> graphics display, due to miscalculating region for dirty bitmap snapshot in
> split screen mode.
> 
> A privileged user/process inside guest could use this flaw to crash the Qemu
> process on the host resulting in DoS.
> 
> Upstream patch:
> ---------------
>   -> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
> 
> Reference:
> ----------
>   -> https://bugzilla.redhat.com/show_bug.cgi?id=1486588
> 
> This issue was reported by David Buchanan.

Can you clarify the affected versions? I noticed while looking at the
above, that MITRE description mentions "Qemu 2.8.0 through 2.9.0". I
perfectly realize those does not come from the above.  As far as I can
see, e.g. cpu_physical_memory_snapshot_get_dirty was only introduced
in v2.10.0-rc0. The upstream commit associated with the above issue
is:

 https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d

which fixes

 https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72

introducing the use of dirty bitmap snapshots in vga_draw_graphic().

Do I miss something makeing it affecting as well earlier versions than
2.10?

Regards and thanks already for your help,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ