oss-sec mailing list archives
Linux/QEMU issue
From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 8 Dec 2009 21:52:37 -0600
Ubuntu recently released http://www.ubuntu.com/usn/USN-863-1 against qemu. Due to an oversight, this was not brought to the attention of oss-security before now.

This issue is public and fixed upstream, and affects guests using a 2.6.25 kernel (or backported virtio net drivers from the 2.6.25 kernel, like our 8.04 LTS release does). Specifically, if a guest with the affected virtio net drivers is running under qemu/kvm, then if you saturate a network connection to the guest, the guest will crash. This is https://launchpad.net/bugs/458521.

There was not consensus on whether this should get a CVE. You can see the patch and upstream discussion here:
http://patchwork.kernel.org/patch/56479/

The bug is really two parts though: the qemu issue which crashes the guest, and the guest kernel writing garbage to the virtio net backend. We decided to fix it as a security update in qemu since a remote attacker could DoS an Ubuntu 8.04 LTS guest, possibly leading to data corruption within the guest. 2.6.26 and later kernels should not be affected.

Jamie

--
Jamie Strandboge | http://www.canonical.com