CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c

[Mauro Matteo Cascella <mcascell () redhat com>]

Hello,

A flaw was found in the memory management API of QEMU during the
initialization of a memory region cache. This flaw could lead to an
out-of-bounds access of the Message Signalled Interrupt (MSI-X) table
while performing MMIO operations. A privileged guest user may abuse
this issue to crash the QEMU process on the host, resulting in a
denial of service.

Upstream fix:
https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442

This issue was reported by Alexander Bulekov (cc'd).
CVE-2020-27821 was assigned by Red Hat Inc.

Best regards.
-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0