oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues

From: P J P <ppandit () redhat com>
Date: Mon, 9 May 2016 17:40:04 +0530 (IST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  Hello,
An out-of-bounds read and integer overflow issue was reported in the Qemu emulator's VGA module.
Qemu VGA module allows guest to edit certain registers in 'vbe' and 'vga' modes. ie. guest could set certain 'VGA' registers while in 'VBE' mode. This leads to potential integer overflow or OOB read access issues in Qemu, resulting in DoS by crashing the Qemu process on the host. (Moderate)
A privileged guest user could use this flaw to crash the Qemu process on the host.
'CVE-2016-3712' has been assigned to this issue by Red Hat Inc. Patches are attached herein to help fix this issue. 

This issue was discovered and reported by Zuozhi Fzz of Alibaba Inc.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXMH4cAAoJEN0TPTL+WwQfJQ8QAIskTPJjmQ5o2OMyIgTrFlTe
suLiD/qRFInd/MpgeICalqVRBzxh5FdOUJWXCoDUbogPLdZ2LmUHBXL/LyjDK01O
R118M3HYUxWGowPf5Jh+ir4/IPSZamTn0LFZAJCrwWW9dmdqcbnoClDxBm6wsDJD
4uzYmYoHogQZ4DVVL8k9kRrQ1yIkftvwoYZCXN6ToikvXcbJxJdDnc5jQ9W/ABGV
fAfJfsG1zbq2fXagfy+ChKJANse525TAKpTmTZXcZWyoE7JrIUFNFIsWWaBpuJdp
yqj+T8EF0bDz2DxJlmlILkpqg48EaEFJlKBg0jlR8/hkNyl1wgEX+Y/C7mgJd2Om
Dipwkk/G4/izUWls+IZijWeZ2Ge1ul4QG+sM0/InnYhTuyhq3Cw8E8Nt+ZOJHBKj
/KOEYYPr7/QEIC41LKVatN2W5ai6mOSkiGD6qIuIvuR3dPhz7qhFZAML/1KAooAs
QOTPxjqxuMvDUm4+KAF598WY+3UFpDeIF0LExc1bhrvEcrjlhC7ypm02d5WaOk26
wkJQ4hJcbHRs/4vp8mMkpTdz8ccjzfbz3GI1GmSsxN5EbdLW4+r8xgGXZ0o0jwpX
JJHtq1wikxab5+rgC/03oDlGcL2AtD7FvDJtcyGEl+5raDguwNrAuKZoF1cBnTVg
MDzQ2/zuFdeJbIWydjL9
=xwOS
-----END PGP SIGNATURE-----

Attachment: 0005-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch
Description:

Attachment: 0004-vga-update-vga-register-setup-on-vbe-changes.patch
Description:

Attachment: 0003-vga-factor-out-vga-register-setup.patch
Description:

Attachment: 0002-vga-add-vbe_enabled-helper.patch
Description:

Previous By Date Next
Previous By Thread Next

Current thread: