oss-sec mailing list archives

CVE-2020-13659 QEMU: exec: address_space_map returns NULL without setting length to zero may lead to DoS


From: P J P <ppandit () redhat com>
Date: Mon, 1 Jun 2020 17:54:06 +0530 (IST)

  Hello,

A NULL pointer dereference issue was found in the MegaRAID SAS 8708EM2 emulator of QEMU. This issue occurs because the address_space_map() API, while mapping physical memory into the host's virtual address space, may return NULL without setting the length parameter to zero (0). A guest user/process may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
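The following is an added illustration, not QEMU code and not the upstream patch: a small constructed model of a mapping API with the contract flaw described above (NULL returned while the caller's length is left untouched), next to the corrected contract, and two device-side callers that consume a scatter/gather list. The map_region(), copy_sgl_len_only(), copy_sgl_checked() and run_case() names, the 4 KiB "RAM" and the sample list are all assumptions made for the example. It shows why a caller that only tests the returned length walks into a NULL dereference under the flawed contract, and why checking the pointer itself makes the caller correct regardless of which contract the API honours.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not QEMU code: a 4 KiB guest "RAM" and a map function
 * whose contract mimics the one the advisory describes. */
#define RAM_SIZE 4096u
static uint8_t ram[RAM_SIZE];

/* Map [addr, addr + *plen) of guest-physical memory into the host.  Requests
 * outside RAM cannot be mapped.  With fixed == 0 the function returns NULL
 * and leaves *plen as the caller set it (the flawed behaviour); with
 * fixed == 1 it also sets *plen = 0 before returning NULL. */
static void *map_region(uint64_t addr, uint64_t *plen, int fixed)
{
    if (addr >= RAM_SIZE || *plen > RAM_SIZE - addr) {
        if (fixed) {
            *plen = 0;
        }
        return NULL;
    }
    return ram + addr;
}

struct sg_entry {
    uint64_t addr;   /* guest-physical address of the chunk */
    uint64_t len;    /* chunk length in bytes */
};

#define RESULT_NULL_DEREF (-1)  /* the caller would have dereferenced NULL */
#define RESULT_REJECTED   (-2)  /* a mapping failed and the request was refused */

/* Caller pattern that relies on the length alone, i.e. it assumes a zero
 * length is the only way a mapping can fail.  Where the original pattern
 * would use the pointer we return RESULT_NULL_DEREF instead of crashing. */
static int copy_sgl_len_only(const struct sg_entry *sgl, size_t n,
                             uint8_t *out, int fixed)
{
    size_t copied = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t len = sgl[i].len;
        uint8_t *p = map_region(sgl[i].addr, &len, fixed);
        if (len == 0) {
            break;                      /* treated as "nothing more to map" */
        }
        if (p == NULL) {
            return RESULT_NULL_DEREF;   /* original pattern: memcpy(out, p, len) */
        }
        memcpy(out + copied, p, len);
        copied += len;
    }
    return (int)copied;
}

/* Hardened caller: checks the pointer as well as the length and refuses the
 * whole request on any failed mapping, so its behaviour does not depend on
 * whether the mapping API zeroes the length. */
static int copy_sgl_checked(const struct sg_entry *sgl, size_t n,
                            uint8_t *out, int fixed)
{
    size_t copied = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t len = sgl[i].len;
        uint8_t *p = map_region(sgl[i].addr, &len, fixed);
        if (p == NULL || len == 0) {
            return RESULT_REJECTED;
        }
        memcpy(out + copied, p, len);
        copied += len;
    }
    return (int)copied;
}

/* Constructed scatter/gather list: one chunk inside RAM, one outside it. */
static const struct sg_entry sample_sgl[2] = {
    { 0, 16 },
    { 8192, 16 },
};
static uint8_t scratch[64];

/* Run one caller (checked != 0 selects the hardened one) against one API
 * variant and return the caller's result code. */
static int run_case(int checked, int fixed)
{
    if (checked) {
        return copy_sgl_checked(sample_sgl, 2, scratch, fixed);
    }
    return copy_sgl_len_only(sample_sgl, 2, scratch, fixed);
}

int main(void)
{
    printf("len-only caller, flawed API: %d\n", run_case(0, 0));
    printf("len-only caller, fixed API:  %d\n", run_case(0, 1));
    printf("checked caller, flawed API:  %d\n", run_case(1, 0));
    printf("checked caller, fixed API:   %d\n", run_case(1, 1));
    return 0;
}
```

Under the flawed contract the length-only caller reaches a NULL pointer with a non-zero length and, in real code, would dereference it; under the corrected contract it silently stops after the first chunk. The checked caller rejects the request in both cases, which is the behaviour a device emulator wants when a guest hands it an unmappable address.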

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html

Reference:
----------
  -> https://bugs.launchpad.net/qemu/+bug/1878259


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

