CVE-2018-18849 Qemu: lsi53c895a: OOB msg buffer access leads to DoS

[P J P <ppandit () redhat com>]

  Hello,

An out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus 
Adapter emulation while writing a message in lsi_do_msgin. It could occur 
during migration if the 'msg_len' field has an invalid value.  A user/process 
could use this flaw to crash the Qemu process resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06682.html

This issue was discovered by dejavusecurity.com and reported by Oracle.com.

CVE assigned via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F