Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAA8xKjXKseHt=cdka4K5+hQCXTD88=uyKxYJ-UQW6+ZoczTp2A@mail.gmail.com>
Date: Wed, 16 Dec 2020 18:05:58 +0100
From: Mauro Matteo Cascella <mcascell@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Alexander Bulekov <alxndr@...edu>
Subject: CVE-2020-27821 QEMU: heap buffer overflow in
 msix_table_mmio_write() in hw/pci/msix.c

Hello,

A flaw was found in the memory management API of QEMU during the
initialization of a memory region cache. This flaw could lead to an
out-of-bounds access of the Message Signalled Interrupt (MSI-X) table
while performing MMIO operations. A privileged guest user may abuse
this issue to crash the QEMU process on the host, resulting in a
denial of service.

Upstream fix:
https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442

This issue was reported by Alexander Bulekov (cc'd).
CVE-2020-27821 was assigned by Red Hat Inc.

Best regards.
-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.