oss-sec mailing list archives
CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
From: Mauro Matteo Cascella <mcascell () redhat com>
Date: Wed, 16 Dec 2020 18:05:58 +0100
Hello, A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This flaw could lead to an out-of-bounds access of the Message Signalled Interrupt (MSI-X) table while performing MMIO operations. A privileged guest user may abuse this issue to crash the QEMU process on the host, resulting in a denial of service. Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442 This issue was reported by Alexander Bulekov (cc'd). CVE-2020-27821 was assigned by Red Hat Inc. Best regards. -- Mauro Matteo Cascella Red Hat Product Security PGP-Key ID: BB3410B0
Current thread:
- CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c Mauro Matteo Cascella (Dec 16)