oss-sec mailing list archives
CVE request Qemu: i386: null pointer dereference in vapic_write
From: P J P <ppandit () redhat com>
Date: Sat, 16 Jan 2016 11:21:24 +0530 (IST)
Hello,

Qemu emulator built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference.

A user/process could use this flaw to crash the Qemu instance, resulting in a DoS issue.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1283934

This issue was discovered by Mr Ling Liu of Qihoo 360 Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
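
The failure class described in the message above, modelled as an added example; it is not QEMU's code and not the upstream patch. All type and function names and the port value are hypothetical: a port-write handler that assumes a current vCPU is reached from a monitor-style path where none is set, shown beside a handler that checks first.

```c
#include <stddef.h>
#include <stdint.h>
/* Simplified model; every name here is hypothetical, not QEMU's own code. */
typedef struct CPUModel { uint32_t port_writes; } CPUModel;

/* Set only while a vCPU thread is dispatching guest I/O, NULL otherwise
 * (for example while a monitor command is being served). */
static CPUModel *current_cpu_model;
typedef int (*port_write_fn)(uint16_t port, uint32_t val);

/* Unsafe shape: assumes a vCPU context always exists. */
static int port_write_unchecked(uint16_t port, uint32_t val)
{
    (void)port; (void)val;
    current_cpu_model->port_writes++;   /* NULL dereference on monitor path */
    return 0;
}

/* Hardened shape: refuse the write when no vCPU is current. */
static int port_write_checked(uint16_t port, uint32_t val)
{
    (void)port; (void)val;
    if (current_cpu_model == NULL) {
        return -1;
    }
    current_cpu_model->port_writes++;
    return 0;
}

/* Guest path: the vCPU thread publishes itself before dispatching. */
static int guest_port_write(CPUModel *cpu, port_write_fn fn,
                            uint16_t port, uint32_t val)
{
    current_cpu_model = cpu;
    int rc = fn(port, val);
    current_cpu_model = NULL;
    return rc;
}

/* Monitor path: same handler, but nothing has set the current vCPU. */
static int monitor_port_write(port_write_fn fn, uint16_t port, uint32_t val)
{
    return fn(port, val);
}

int main(void)
{
    CPUModel cpu = {0};
    guest_port_write(&cpu, port_write_unchecked, 0x10, 1); /* constructed port */
    return monitor_port_write(port_write_checked, 0x10, 1) == -1 ? 0 : 1;
}
```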