oss-sec mailing list archives

CVE request Qemu: out of bounds memory access


From: P J P <ppandit () redhat com>
Date: Fri, 22 Aug 2014 18:16:49 +0530 (IST)


   Hello,

An out of bounds memory access flaw was found in Qemu's ACPI PCI hotplug interface. It leads to Qemu's memory corruption via OOB write (4 bytes) and information disclosure (~12 bytes) through OOB read.

A user with a custom PCI device could use this flaw to leak qemu process' memory bytes or corrupt them on the host.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F


