oss-sec mailing list archives
CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption
From: P J P <ppandit () redhat com>
Date: Thu, 29 Nov 2018 14:45:05 +0530 (IST)
Hello,An integer overflow resulting in memory corruption issue was found in various Bluetooth functions. It could occur in routines wherein 'len' parameter is a 'signed int' which subsequently converts to an unsigned integer resulting in memcpy() copying large amounts of memory.
A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html This issue was reported by Arash TC Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Current thread:
- CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption P J P (Nov 29)