oss-sec mailing list archives
Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration
From: cve-assign () mitre org
Date: Thu, 26 May 2016 14:22:31 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support is vulnerable to an information leakage issue. It could occur while processing MegaRAID Firmware Interface(MFI) command to read device configuration in 'megasas_dcmd_cfg_read'. A privileged user inside guest could use this flaw to leak host memory bytes. https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html https://bugzilla.redhat.com/show_bug.cgi?id=1339583
When reading MegaRAID SAS controller configuration via MegaRAID Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read uses an uninitialised local data buffer. Initialise this buffer to avoid stack information leakage.
Use CVE-2016-5105. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/scsi/megasas.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXRzxiAAoJEHb/MwWLVhi2qVUP/AsvBiRL5zXD4C4Kx/LCRyCE PbG+dd7HH27fm5UHvev40MLvZ9tXQok3hV2XlMMBvvLzkIwFfxYA67qOmJJAF76d ae200JbEbdIKYF8EMANPzbh4xKZ/bpRD8cD43kBWpvr0oGzHsJzP7K1147844kFx R9nT3b18k18YhbxO/kEGi4ssDoFx3Orqrdi6mYQWU6UeZQtwkjTpGOg0pKFubtoW htAhGT/8LPS4NxzVyCcAhLRb8Gk403IlmHnB3b/T7frUcx6hjSJqVm2mShAO5tT3 iLYPjDcbljFjhQ9KFuFcflDKRFoZU5eQjFyx0kJ99QqlnmvPmOB0ks9RYWfUROWq 7D7s3SW8jmqK8Q1LcANHw3hDYNabVQzrY+R31fAM/BmhmdWzlDIDXs/z/lXBzsdk gQkDbOD4Zizfi9XwN+Su2wp8ZkG25tO5t5je0au+irHck53lPzJYI6UgKWw82O1S lEsMZj8dvn+qcOvOYZrQr/awQ13nz+1VjbwiOn4Ce0cS35mRXAMYM2uRvj7NIVrR qZrSavg/TN+tOAxKKDcrLyipwoSBtjeXyGp22MWYv+es2jdt9RJ9RFDl6mrlOy2i eV0KPnXpEYqqGRrLaYLYUPAosfYyQiHW0aMIpMOKNNJ++Fw2SgeJGGu/W5fsdUW/ StE1XDD/7pcOjCT2bJw5 =kowa -----END PGP SIGNATURE-----
Current thread:
- CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration P J P (May 25)
- Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration cve-assign (May 26)