oss-sec mailing list archives
Re: CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir
From: Mauro Matteo Cascella <mcascell () redhat com>
Date: Fri, 7 May 2021 16:07:04 +0200
On Wed, May 5, 2021 at 7:09 PM Mauro Matteo Cascella <mcascell () redhat com> wrote:
Upstream patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
Note that the xhci patch was dropped [1] and a new USB patchset has been proposed without it [2]. As discussed upstream, this could leave room for unbound allocation on the heap, although more difficult to exploit by the guest to crash the QEMU process on the host. [1] https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html [2] https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html -- Mauro Matteo Cascella Red Hat Product Security PGP-Key ID: BB3410B0
Current thread:
- CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella (May 05)
- Re: CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella (May 07)