Message-ID: <CAA8xKjWKrn+JxskDdH1ULYUSFDvqTZ-doGTd=e_vrSSc8PD-EA@mail.gmail.com>
Date: Fri, 7 May 2021 16:07:04 +0200
From: Mauro Matteo Cascella <mcascell@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Remy Noel <remy.noel@...de-group.com>
Subject: Re: CVE-2021-3527 QEMU: usb: unbounded stack
 allocation in usbredir

On Wed, May 5, 2021 at 7:09 PM Mauro Matteo Cascella
<mcascell@...hat.com> wrote:
>
> Upstream patchset:
> https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html

Note that the xhci patch was dropped [1] and a new USB patchset has
been proposed without it [2]. As discussed upstream, this could leave
room for unbound allocation on the heap, although more difficult to
exploit by the guest to crash the QEMU process on the host.

[1] https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
[2] https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html

-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0
