oss-sec mailing list archives

CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array

From: P J P <ppandit () redhat com>
Date: Tue, 18 Dec 2018 14:23:07 +0530 (IST)

  Hello,

An out-of-bound stack buffer r/w access issue was found in QEMU's generic RDMAback-end implementation. It could occur when a driver tries to buildscatter/gather element's array in build_host_sge_array() routine.

A guest user/process could use this flaw to crash the QEMU process resultingin DoS.


Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html

This issue was reported by Saar Amar.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Current thread:

CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar (Dec 18)
  - Re: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array Agostino Sarubbo (Dec 18)
  - Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)