Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer

[<cve-assign () mitre org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick emulator(Qemu) built with the SDHCI device emulation support is
> vulnerable to an OOB heap access issue. It could occur while doing a multi
> block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine.
>
> A privileged user inside guest could use this flaw to crash the Qemu process
> resulting in DoS or potentially execute arbitrary code with privileges of the
> Qemu process on the host.
>
> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1417559

Use CVE-2017-5667.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYkKkGAAoJEHb/MwWLVhi2+ugQAJBaikvxAT2i0CTdFelKnLXJ
XI2FCrbCLqVuJ2k4SnRhj6mw+TqDmd+rc620wUrAzOSLWIrHXQ995qEpVLHmUVUJ
puR03yJAJnk9/+EmTYTTilJX1gmfvTbT2HirBv/HFRQBTcMaVHLcnnsLhDJlmiJv
W6KTvYdcWoFzwV+5nsTnrg99S5MturKOnh/lTNo91o77NXS/ha92iay3UzHUPZP8
OmlePV3t1xaClrZZhMjP3zFShSGJEnp8pT5/ItTpIN+mn376C3CstKcM013rfrv9
J7g6P5tTmdjJahg5PoJrEo/mkNBUucfvMVR8n7Y4hLKvSvut/+vqAcCH4NkFhnv7
yJzIAnDstsePk0VburOYHFRA//pAk4H3kMaAgtH9onoDoLxSLK1YZLXNvP3iwW+o
y6DzfOriTWa3GH+DNoEqSlo29tDatofGgSvUmcK2maxWOu0d2J5p2FMXA3Vf/6yk
iWNmBYLDgtpf5QI14acbJT1PMr6YZ1UhS0j7BImrx/21UJ9tmeMAtDhGM7n7vBwa
SUhWuJaWrTpXRxaeS3RmV04xdYjj1uVZ9OOZ11T88zulEcRNJw4z0wKP+FJRtNQ8
AarpeNWlz4J1cYP+82shegPZluo6HlNjz8BfCfvidUzs3TXfQWDUuQwjLVWww1IJ
9obnnQn7sju5xf7e+k7Z
=B54L
-----END PGP SIGNATURE-----