oss-sec mailing list archives
CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues
From: P J P <ppandit () redhat com>
Date: Mon, 9 May 2016 17:40:04 +0530 (IST)
Hello,
An out-of-bounds read and integer overflow issue was reported in the Qemu emulator's VGA module.
The Qemu VGA module allows a guest to edit certain registers in 'vbe' and 'vga' modes, i.e. a guest could set certain 'VGA' registers while in 'VBE' mode. This leads to potential integer overflow or OOB read access issues in Qemu, resulting in DoS by crashing the Qemu process on the host. (Moderate)
A privileged guest user could use this flaw to crash the Qemu process on the host.
'CVE-2016-3712' has been assigned to this issue by Red Hat Inc. Patches are attached herein to help fix this issue.
This issue was discovered and reported by Zuozhi Fzz of Alibaba Inc.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Attachments:
- 0005-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch
- 0004-vga-update-vga-register-setup-on-vbe-changes.patch
- 0003-vga-factor-out-vga-register-setup.patch
- 0002-vga-add-vbe_enabled-helper.patch
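The flaw class described in the message above, as an added toy model in C; it is not QEMU's code and is not taken from the attached patches. It shows geometry validated only on the VBE path, a legacy register write that bypasses that check, and a re-sync of the VBE-derived registers after each legacy write, which is the idea the patch titles name. All names (`toy_vga`, `toy_legacy_write`, the `hardened` switch) and the VRAM size are assumptions made for the illustration.

```c
#include <stdint.h>
#define VRAM_SIZE 4096u               /* constructed toy value */

struct toy_vga {
    int      vbe_on;                  /* VBE-style mode active */
    uint32_t vbe_pitch, vbe_lines;    /* validated at mode set */
    uint32_t reg_pitch, reg_lines;    /* legacy registers the renderer reads */
    int      hardened;                /* 0 = pre-fix model, 1 = post-fix model */
};

/* Copy the validated VBE geometry into the legacy registers. */
static void sync_legacy_from_vbe(struct toy_vga *s)
{
    s->reg_pitch = s->vbe_pitch;
    s->reg_lines = s->vbe_lines;
}

/* VBE mode set: the only place where geometry is checked against VRAM. */
int toy_vbe_set_mode(struct toy_vga *s, uint32_t pitch, uint32_t lines)
{
    if (pitch == 0 || lines == 0 || lines > VRAM_SIZE / pitch)
        return -1;
    s->vbe_on = 1; s->vbe_pitch = pitch; s->vbe_lines = lines;
    sync_legacy_from_vbe(s);
    return 0;
}

/* Legacy register write from the guest; idx 0 = pitch, 1 = line count. */
void toy_legacy_write(struct toy_vga *s, int idx, uint32_t val)
{
    if (idx == 0) s->reg_pitch = val; else s->reg_lines = val;
    if (s->hardened && s->vbe_on)
        sync_legacy_from_vbe(s);      /* VBE-derived setup stays intact */
}

/* Bytes the renderer would read, or -1 if that range leaves VRAM. */
int64_t toy_render_extent(const struct toy_vga *s)
{
    uint64_t end = (uint64_t)s->reg_pitch * s->reg_lines; /* 64-bit: no wrap */
    return end <= VRAM_SIZE ? (int64_t)end : -1;
}

int main(void)
{
    struct toy_vga s = { .hardened = 1 };
    toy_vbe_set_mode(&s, 64, 32);
    toy_legacy_write(&s, 1, 0xFFFFFFFFu);   /* constructed out-of-range value */
    return toy_render_extent(&s) == 2048 ? 0 : 1;
}
```

With `hardened` left at 0 the same legacy write makes `toy_render_extent` return -1, i.e. the renderer's range no longer fits the buffer that the VBE path validated.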