Re: CVE request Qemu: usb: integer overflow in remote NDIS control message handling

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Qemu emulator built with the USB Net device emulation support is vulnerable to
> an integer overflow issue. It could occur while processing remote NDIS control
> message packets. As the incoming informationBufferOffset & Length combination
> could cross the integer range.
>
> A privileged user inside guest could use this flaw to leak host memory bytes
> to guest or crash the Qemu process instance resulting in DoS.
>
> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1303120
> http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e

Use CVE-2016-2538.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWzIuYAAoJEL54rhJi8gl5DgIP/0fv8AMSd2UpPw15iW5ZHpMW
Zf3Jhk66jJthy3CWUcZmdnjX9JWCOcVsbSbRbuGcVnuh4neNV1hQrWJk5VO/IuSl
fLD6OiiMk/3vgjfJwjkDLEXgFZdobTh/kM5pGKeNz24g/9erPImMyQrvx6jDIMkH
4+k7qm/fQrOaC7jYgNkF3ftulD7cTyDe1rJkuCGnxG0I0kOLzxsqWUEoCYZn3GJC
HBgv+mT0O+Z1Q6YkBV4a75mTnq4/sj+bpz+KCqX2cNXnddn4KvNPDufb75FVuBEa
EiQjnBpp1O2LukBs4Z39d9+EFYIlUQgrtjeN2m1jeWZmtGBpwa7N51NGUp1ybIKQ
6wQ+AlB3HIAMKXXMXK94jw6zj+KQwioT7PR6D0hKMY/8VbVvm8Q4Wwx7da9jzP/l
rjJzBQUw6BZf67z/0HAS0R/150Kw6KTzH4k5a2Qf5aY0V4KUAEEKCZisfEEiCZ/4
LwAMcoZmu/8SMGdVPZPsZ+K2BUEdWF8j5o2y9Ki9I8kTEGMffE81uj88TZte9R/j
VrQQ4Rtg+A2NQHcpg1cf37vEKP+uEFWnRH42LKkffsrfK9ULsPe+4hc93f6M9Ggo
ja8lzqaio5iMPcU6AHY7CsW3TR66P73809RdjiIqOh5Izg19qdZxvk6OvYqDZ3Bq
e4YbRFlNvht23xUA1jnD
=at9D
-----END PGP SIGNATURE-----