oss-sec mailing list archives
Re: CVE request Qemu: ide: divide by zero issue
From: Qinghao Tang <luodalongde () gmail com>
Date: Fri, 11 Sep 2015 10:24:47 +0800
Please add this vulnerability information at https://access.redhat.com/security/cve/CVE-2015-6855. Thanks.

2015-09-11 3:25 GMT+08:00 <cve-assign () mitre org>:
Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive.

A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS.

The fix disables undue IDE commands for CD-ROM drives.

https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html

In this case, we are assigning a CVE ID for the primary problem statement in the msg02479.html post, i.e., the "All other commands are illegal to send to an ATAPI device and should be rejected by the device" statement. Use CVE-2015-6855. The divide-by-zero error is resultant, and serves as a demonstration of how an illegal command can have a security impact. It is conceivable that other security impacts may be discovered later.

(not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/ide/core.c)

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
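The mitigation discussed in this thread (reject commands that are illegal for an ATAPI device before any handler runs), sketched as an added example that is not QEMU's code and not part of the original messages. The struct, table and function names are hypothetical, and the zero CHS geometry on the CD-ROM is a modelling assumption that makes the divisor zero.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplified model of an IDE command gate; not QEMU's code. */
enum drive_kind { DRIVE_HD = 0, DRIVE_CD = 1 };
#define HD_OK (1u << DRIVE_HD)
#define CD_OK (1u << DRIVE_CD)
#define CMD_READ_NATIVE_MAX 0xF8 /* ATA opcode for WIN_READ_NATIVE_MAX */
#define CMD_PACKET 0xA0          /* ATAPI PACKET */

struct drive {
    enum drive_kind kind;
    uint32_t heads, sectors; /* CHS geometry; assumed zero for the CD-ROM */
    uint64_t nb_sectors;
};

/* Permission mask per opcode; unlisted opcodes stay 0 and are rejected. */
static const uint8_t cmd_allowed[256] = {
    [CMD_READ_NATIVE_MAX] = HD_OK,
    [CMD_PACKET] = CD_OK,
};

static bool cmd_permitted(const struct drive *d, uint8_t cmd)
{
    return (cmd_allowed[cmd] & (1u << d->kind)) != 0;
}

/* Returns 0 and the highest cylinder in *out, or -1 if the command is aborted. */
static int exec_cmd(const struct drive *d, uint8_t cmd, uint64_t *out)
{
    if (!cmd_permitted(d, cmd))
        return -1; /* rejected before any handler touches the geometry */
    *out = 0;
    if (cmd == CMD_READ_NATIVE_MAX) {
        uint64_t per_cyl = (uint64_t)d->heads * d->sectors;
        if (per_cyl == 0 || d->nb_sectors == 0)
            return -1; /* second guard: never divide by a zero geometry */
        *out = (d->nb_sectors - 1) / per_cyl;
    }
    return 0;
}

int main(void)
{
    struct drive cd = { DRIVE_CD, 0, 0, 4096 }; /* constructed sample */
    uint64_t max = 0;
    printf("CD-ROM READ_NATIVE_MAX -> %d\n", exec_cmd(&cd, CMD_READ_NATIVE_MAX, &max));
    return 0;
}
```

The permission table is the primary control; the zero-divisor check inside the handler is defence in depth for a hard disk with uninitialised geometry.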