oss-sec mailing list archives
Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object
From: cve-assign () mitre org
Date: Fri, 16 Sep 2016 13:26:01 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick emulator(Qemu) built with the LSI SAS1068 Host Bus emulation support, is vulnerable to an invalid memory access issue. It could occur while processing scsi io requests in mptsas_process_scsi_io_request. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host resulting in DoS. https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html https://bugzilla.redhat.com/show_bug.cgi?id=1376776 http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
scsi: mptsas: use g_new0 to allocate MPTSASRequest object When processing IO request in mptsas, it uses g_new to allocate a 'req' object. If an error occurs before 'req->sreq' is allocated, It could lead to an OOB write in mptsas_free_request function. Use g_new0 to avoid it.
Use CVE-2016-7423. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX3CoQAAoJEHb/MwWLVhi2jDcP+wbIpI1ey0NwiBCdBhQhtIcM OinhQ7vBTP7wqOZqMEnJoWRdK3A56/JxfXs5chnHEUxiiC5sy59sMoDa/wJ9M2yL WDCzYZLVpTevTW/fbeMnXel3Xc5IFB80yaAuDqXP48f3s1H6bo2ai0giyWdcbdXY UebsZpm9MHxeqN6DYEGnsYe8audTizfe9swwLeWSUXyttzFLGOrL3pJQE6WBORbu cbpazz4ylYJcDyY+Th3CNZpFAZGqIcw++DMZKZG00nlgXJ4gWn9raLmfWYVKRumd JHczsDj36PqKC5kXsrwyd62YV7TCZFzDHGEQN3ZeGIhIbLaKhc9OSif48V3Xu5pH 4SzvmEFiSiRCD5HGgikkzyt+lbNy7rbvry8NWYek/pgeXIYkYdywgKB54fs0jNjv wVf82M/8QDqFmegkRiEIyF8WsTe6WpwBgRQm7PdNJlyR54gH38/uTCefhPZj9elT RdgGkqtinff92C12s+A8nH4GIe8uQnGUt2cv39m02htT5NaSZBTAXPQuoVUJTIjM +xsymnuJSSMzyy351XG+8T+Cc2er7G+dYdf2aZUMItFlPSaK3Ewp5rFkgAYNClJz D6MWKJeXonSrx4j/+z5tTHma64FEgNfKSupEaf5en0od7lR7zB215xFbv6g6P/3d 8arhpqQkwLxtRAm2n/Ad =7sOJ -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object P J P (Sep 16)
- Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object cve-assign (Sep 16)