oss-sec mailing list archives
Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer
From: Leo Famulari <leo () famulari name>
Date: Sun, 12 Feb 2017 09:13:01 -0500
On Tue, Jan 31, 2017 at 10:20:47AM -0500, cve-assign () mitre org wrote:
> Quick emulator (Qemu) built with the SDHCI device emulation support is vulnerable to an OOB heap access issue. It could occur while doing a multi block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host.
>
> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1417559
>
> Use CVE-2017-5667. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but that may be an expected place for a later update.

This commit appears to address CVE-2017-5667: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9
Current thread:
- CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer P J P (Jan 30)
- Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer cve-assign (Jan 31)
- Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer Leo Famulari (Feb 12)