oss-sec mailing list archives
Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer
From: <cve-assign () mitre org>
Date: Tue, 31 Jan 2017 10:20:47 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick emulator(Qemu) built with the SDHCI device emulation support is vulnerable to an OOB heap access issue. It could occur while doing a multi block SDMA transfer via 'sdhci_sdma_transfer_multi_blocks' routine. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host. https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html https://bugzilla.redhat.com/show_bug.cgi?id=1417559
Use CVE-2017-5667. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYkKkGAAoJEHb/MwWLVhi2+ugQAJBaikvxAT2i0CTdFelKnLXJ XI2FCrbCLqVuJ2k4SnRhj6mw+TqDmd+rc620wUrAzOSLWIrHXQ995qEpVLHmUVUJ puR03yJAJnk9/+EmTYTTilJX1gmfvTbT2HirBv/HFRQBTcMaVHLcnnsLhDJlmiJv W6KTvYdcWoFzwV+5nsTnrg99S5MturKOnh/lTNo91o77NXS/ha92iay3UzHUPZP8 OmlePV3t1xaClrZZhMjP3zFShSGJEnp8pT5/ItTpIN+mn376C3CstKcM013rfrv9 J7g6P5tTmdjJahg5PoJrEo/mkNBUucfvMVR8n7Y4hLKvSvut/+vqAcCH4NkFhnv7 yJzIAnDstsePk0VburOYHFRA//pAk4H3kMaAgtH9onoDoLxSLK1YZLXNvP3iwW+o y6DzfOriTWa3GH+DNoEqSlo29tDatofGgSvUmcK2maxWOu0d2J5p2FMXA3Vf/6yk iWNmBYLDgtpf5QI14acbJT1PMr6YZ1UhS0j7BImrx/21UJ9tmeMAtDhGM7n7vBwa SUhWuJaWrTpXRxaeS3RmV04xdYjj1uVZ9OOZ11T88zulEcRNJw4z0wKP+FJRtNQ8 AarpeNWlz4J1cYP+82shegPZluo6HlNjz8BfCfvidUzs3TXfQWDUuQwjLVWww1IJ 9obnnQn7sju5xf7e+k7Z =B54L -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer P J P (Jan 30)
- Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer cve-assign (Jan 31)
- Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer Leo Famulari (Feb 12)
- Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer cve-assign (Jan 31)