oss-sec mailing list archives
Qemu: ide: ahci use-after-free vulnerability in aio port commands
From: P J P <ppandit () redhat com>
Date: Sat, 9 Jan 2016 13:18:58 +0530 (IST)
Hello,

Qemu emulator built with the IDE AHCI Emulation support is vulnerable to a use after free (kind of) issue. It could occur after processing AHCI Native Command Queuing (NCQ) AIO commands.
A privileged user inside the guest could use this flaw to crash the Qemu process instance or might potentially execute arbitrary code with privileges of the Qemu process on the host.
Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1288532

This issue was discovered by Mr Qinghao Tang of Qihoo 360 Marvel Team.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F