oss-sec mailing list archives
Re: CVE request: qemu host crash from within guest
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 26 Sep 2013 13:39:52 -0600
On 09/26/2013 12:39 PM, Vincent Danen wrote:
> Could a CVE be assigned to the following?
>
> A dangling pointer access flaw was found in the way qemu handled hot-unplugging virtio devices. This flaw was introduced by virtio refactoring and exists in the virtio-pci implementation. When the virtio-blk-pci device is deleted, the virtio-blk-device is removed first (removal is done in post-order). Later, the virtio-blk-device is accessed again, but proxy->vdev->vq is no longer valid (a dangling pointer) and kvm_set_ioeventfd_pio fails.
>
> A privileged guest user could use this flaw to crash the qemu process on the host system, causing a denial of service to it and any other running virtual machines.
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=1012633
> http://thread.gmane.org/gmane.comp.emulators.qemu/234440

Please use CVE-2013-4377 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
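The teardown-order hazard described in the request above, as an added toy model in C that is not QEMU code and not part of the original thread. All type and function names are hypothetical, and the two mitigations shown (clearing the parent's reference on child removal, and running the parent's cleanup before the child is removed) are illustrative assumptions, not the fix QEMU applied.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model, not QEMU code: all type and function names are hypothetical. */
typedef struct { int notifier_fd; } VirtQueue;
typedef struct { VirtQueue *vq; int nvq; } ChildDev;           /* models virtio-blk-device */
typedef struct { ChildDev *vdev; int ioeventfd_on; } ProxyDev; /* models virtio-blk-pci */
static ChildDev *child_new(int nvq) {
    ChildDev *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->vq = calloc((size_t)nvq, sizeof *c->vq);
    if (!c->vq) { free(c); return NULL; }
    c->nvq = nvq;
    return c;
}
/* Child removal; clearing p->vdev is the hardening step (no dangling pointer left). */
static void child_unrealize(ProxyDev *p) {
    if (!p->vdev) return;
    free(p->vdev->vq);
    free(p->vdev);
    p->vdev = NULL;
}
/* Parent cleanup over the child's queues; -1 if the child is gone (no stale deref). */
static int proxy_stop_ioeventfd(ProxyDev *p) {
    if (!p->ioeventfd_on) return 0;
    if (!p->vdev || !p->vdev->vq) return -1;
    for (int i = 0; i < p->vdev->nvq; i++)
        p->vdev->vq[i].notifier_fd = -1;   /* detach each queue's notifier */
    p->ioeventfd_on = 0;
    return 0;
}
/* Order from the report: child removed first, parent cleanup runs late. */
int unplug_child_first(void) {
    ProxyDev p = { child_new(2), 1 };
    if (!p.vdev) return -2;
    child_unrealize(&p);
    return proxy_stop_ioeventfd(&p);
}
/* Corrected order: parent drops its use of the queues while they exist. */
int unplug_parent_cleanup_first(void) {
    ProxyDev p = { child_new(2), 1 };
    if (!p.vdev) return -2;
    int rc = proxy_stop_ioeventfd(&p);
    child_unrealize(&p);
    return rc;
}
int main(void) {
    printf("child-first=%d cleanup-first=%d\n", unplug_child_first(), unplug_parent_cleanup_first());
    return 0;
}
```

In this model the child-first order returns -1 because the late parent cleanup is refused; without the `p->vdev = NULL` line that same call would read freed memory, which is the condition the report describes.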