|
Message-ID: <alpine.LFD.2.10.1406231834330.29086@wniryva.cad.erqung.pbz> Date: Mon, 23 Jun 2014 18:36:11 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> Subject: CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Qemu PCIe bus support is vulnerable to a use-after-free flaw. It could occur via guest, when it tries to hotplug/hotunplug devices on the guest. A user able to add & delete Virtio block devices on a guest could use this flaw to crash the Qemu instance resulting in DoS. Upstream fix: - ------------- -> https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html Thank you. - -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTqCZDAAoJEN0TPTL+WwQf6ooP/04A9RjbsqIomiYV5XaVQCU4 BRf3YUoxcwxm9RvnJbdteEfjNCbsjtVDZ07u9JOr06zlgI7CiO+Mgv9NtQUHeZAb JafpFbBMKfTykjyWyvubVihfugYHAZwY5UdHXdfazeZuZrnSVA7b98szBGrwe075 yPUTVf5G49F1Y8z4TvRFiG6rYj19cQihoKwzboJ+LJjNTVk5stBEUxEXwFYcIPIw BHdiy/Uqq9HzmUlimOgEZ7ixlDWC92zlln0CWgaKK5KugEwiyOtmA6n4B6BbQbo5 0e0XimJ67dC6nNfRn9+PDx3IQsJYGJ405mkheL5lDj43hauGDO/by3Oy/Rqns/Nm +5eycIAy5oD+PCKCv5NynaHS9OG/WjRwbYEQZfGtaLLGQxSR4terQMV2ZBPT92Mt U6295bR4q56VFpEBqNpSqPs97775kKv717FGZ72y5Hmu2mY3XdEXhLSPqYvwoE0M azgBGb4s2mc0DZvKz1Yhy8Q7Z0fWRIXyzsZyyzLjfZgEDvgvHUo+Fh7wmfc7hsYx qlrIocGCad7lTkQGXlC0E8elD5Vfc9FB1g0VK5JRP6EtAez4c+o/KYBEZR6L+vpZ Q12EHAp/qcQjupDhrjqta7TB+kxTKcHjQ7w81j2JAZhR6XW1FAFrmYVZklqMLgU7 lpULw4V70H6kAXnl87m3 =jtkJ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.