oss-sec mailing list archives
CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption
From: P J P <ppandit () redhat com>
Date: Wed, 17 Oct 2018 12:59:01 +0530 (IST)
Hello,An integer overflow issue was found in the CCID Passthru card device emulation, while reading card data in ccid_card_vscard_read() function. The ccid_card_vscard_read() function accepts a signed integer 'size' argument, which is subsequently used as unsigned size_t value in memcpy(), copying large amounts of memory.
A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html This issue was reported by Arash Tohidi. CVE requested via -> https://cveform.mitre.org/ Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Current thread:
- CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption P J P (Oct 17)