oss-sec mailing list archives
Re: CVE request: Qemu: 9pfs: host memory leakage in v9fs_read
From: cve-assign () mitre org
Date: Mon, 10 Oct 2016 13:51:45 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the virtio-9p back-end support is vulnerable to a memory leakage issue. It could occur while doing a I/O read operation in v9fs_read() routine. A privileged user/process inside guest could use this flaw to crash the Qemu process instance resulting in DoS. https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
Use CVE-2016-8577. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/9pfs/9p.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX+9Q0AAoJEHb/MwWLVhi25+sQAIvJVq0jkV+yHeVKA95GPwuC u1Khmdz9uLRHxSriWfHRM8P/lHHFaJ6YIS8Dn1BvcWh6b/96xkjML9uKl2O2Zmb/ EIJu2RZk4vKJV7+XGv2uKxxd+ysfMTCwSB5ktJh9id5fKSbLrMNsIRmrAty3CA98 +pW2HRSUFUdygfBB8Ubd2OAIdWL5Ggfd3zKC5CV0q77+qYTFiupXXZGgOr0Yxaky 7tsf/aviEJPraro5vWwC3Qtg12CEn+wz/WimFFi4P4ejDFUWPQOcIjMScvfIEwOT 0n+lzysBA0pU3okv0CVkq1WeG5eCuC5+sN40zWp3tlEGNRXQAsyY27uoMMT4qgAw 0lvLe77ZgXRsM3HbS8TfxhJy75dHyJTNymyWjfTRkdC1Gii3FyK2bpQuOeq8fnr3 v1FEqnhoPGSgzWSdjlu367gEZ78KuaLgD2qqmxyvUmum127dhiBkGmhSqSSCbmNd NVWAzXeKWUbZv0jT4qigZ/68zXCoRdXUBCe4hsknjevAUA+h/wI/L8KB1rQC4gw9 ZZAtUotefB67bfMSdMsVLT6e2aR6laBrwOTttqf6dDStTgVeeSfpmUezaD7nXv92 1gihMM+4S7HM8wJVjd1c415Q25Vtk72S/1hpuEQse24tbcs5bfXLWrvhHjWXUCBJ LY2WgmOMb06yZp0j8SJs =8uAy -----END PGP SIGNATURE-----
Current thread:
- CVE request: Qemu: 9pfs: host memory leakage in v9fs_read P J P (Oct 10)
- Re: CVE request: Qemu: 9pfs: host memory leakage in v9fs_read cve-assign (Oct 10)