Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <nycvar.YSQ.7.77.849.2006091051520.30592@xnncv>
Date: Tue, 9 Jun 2020 10:58:08 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Eric Blake <eblake@...hat.com>, Xueqiang Wei <xuwei@...hat.com>
Subject: CVE-2020-10761 QEMU: nbd: reachable assertion failure
 innbd_negotiate_send_rep_verr via remote client

   Hello,

Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support 
is vulnerable to a crash via assertion failure. It could occur when a 
nbd-client sends a spec-compliant request that is near the boundary of the 
maximum permitted length. A remote user/process could use this flaw to crash 
the qemu-nbd server resulting in DoS.

Upstream patch:
---------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html

Issue introduced since QEMU v4.2
   -> https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
     server:
     - Adjust things to allow full 4k name limit rather than previous 256 byte
       limit

     - It allowed nbd-client to send longer (>256 bytes) export names

This issue was reported by Eric Blake and Xueqiang Wei of Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.