oss-security - CVE request -- qemu-kvm: virtio-blk: heap buffer overflow caused by unaligned requests

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <656741753.185619.1303463295393.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
Date: Fri, 22 Apr 2011 05:08:15 -0400 (EDT)
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley@...us.mitre.org
Subject: CVE request -- qemu-kvm: virtio-blk: heap buffer overflow caused by
 unaligned requests

"It was found that virtio-blk driver in qemu-kvm did not properly validate 
read and write requests from the guest. A privileged guest user could use
this flaw to cause heap corruption, causing the guest to crash (denial of
service) or, possibly, resulting in the privileged guest user escalating
their privileges on the host."

References:
http://www.spinics.net/lists/kvm/msg51877.html
https://bugzilla.redhat.com/show_bug.cgi?id=698906

Upstream commit:
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=52c050236eaa4f0b5e1d160cd66dc18106445c4d

Thanks,
--
Petr Matousek / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.