oss-sec mailing list archives
Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array
From: P J P <ppandit () redhat com>
Date: Tue, 18 Dec 2018 16:44:07 +0530 (IST)
+-- On Tue, 18 Dec 2018, saar amar wrote --+
| I'm wondering why it says "DOS" and not "execute arbitrary code on the host,
| in the context of the QEMU process"? I have a stack overflow, it's pretty clear
| I could gain more than simple DOS:)
|
| What do your day?

IIUC, it's likely to corrupt adjacent stack variables and/or hit the stack canary, resulting in DoS. The scatter/gather entry object (struct ibv_sge) holds buffer address/length attributes used during r/w operations. If their values are astray, the following call to ibv_post_send() may suffer/return an error.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
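As an added illustration of the mitigation for the bug class discussed above (this is not QEMU's code and not part of the thread): a guest-supplied entry count is bounded against the capacity of the fixed-size stack array before scatter/gather entries are copied into it. MAX_SGE, the struct layouts, the guest_sge input type and the function names are assumptions made for the example.

```c
/* Added example, not QEMU's code: a fixed-size array of struct ibv_sge on the
 * stack is filled from a guest-supplied count. Without a bound on that count
 * the copy loop writes past the array, corrupting adjacent stack data. */
#include <stddef.h>
#include <stdint.h>

#define MAX_SGE 4  /* assumption: capacity of the stack array */

/* Minimal stand-ins for the verbs SGE and the guest-provided entry (assumed). */
struct ibv_sge   { uint64_t addr; uint32_t length; uint32_t lkey; };
struct guest_sge { uint64_t addr; uint32_t length; uint32_t lkey; };

/* Hardened builder: copies at most out_cap entries.
 * Returns the number of entries written, or -1 on invalid input. */
int build_sge_array(const struct guest_sge *in, uint32_t num_sge,
                    struct ibv_sge *out, size_t out_cap)
{
    if (in == NULL || out == NULL)
        return -1;
    if (num_sge == 0 || num_sge > out_cap)   /* the bound check the bug lacked */
        return -1;
    for (uint32_t i = 0; i < num_sge; i++) {
        if (in[i].length == 0)               /* reject degenerate entries */
            return -1;
        out[i].addr   = in[i].addr;
        out[i].length = in[i].length;
        out[i].lkey   = in[i].lkey;
    }
    return (int)num_sge;
}

/* Mirrors the stack-array usage from the thread with constructed guest input:
 * num_sge is the untrusted count, the entries themselves are well formed. */
int post_send_checked(uint32_t num_sge)
{
    struct guest_sge guest[8];               /* constructed sample input */
    for (uint32_t i = 0; i < 8; i++) {
        guest[i].addr   = 0x1000u * (i + 1);
        guest[i].length = 64;
        guest[i].lkey   = 0x42;
    }
    struct ibv_sge sge[MAX_SGE];             /* fixed-size stack array */
    return build_sge_array(guest, num_sge, sge, MAX_SGE);
}
```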
Current thread:
- CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar (Dec 18)
- Re: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array Agostino Sarubbo (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar (Dec 18)