oss-sec mailing list archives

CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write

From: P J P <ppandit () redhat com>
Date: Fri, 29 Jan 2016 21:43:37 +0530 (IST)

  Hello,

Qemu emulator built with the USB EHCI emulation support is vulnerable to anull pointer dereference flaw. It could occur when an application attempts towrite to EHCI capabilities registers.

A privileged user inside quest could use this flaw to crash the Qemu processinstance resulting in DoS.


Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1301643

This issue was discovered by Mr Zuozhi Fzz of Alibaba Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Current thread:

CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write P J P (Jan 29)
- Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write cve-assign (Jan 29)