Bug 510234 (CVE-2014-0222) - <app-emulation/qemu-2.0.0-r1: qcow1 - validate image size and L2 table size (CVE-2014-{0222,0223})
Summary: <app-emulation/qemu-2.0.0-r1: qcow1 - validate image size and L2 table size (...
Status: RESOLVED FIXED
Alias: CVE-2014-0222
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://git.qemu.org/?p=qemu.git;a=com...
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2014-3461
Blocks:
Reported: 2014-05-13 13:00 UTC by Agostino Sarubbo
Modified: 2014-08-31 11:31 UTC
See Also:
Package list:
Runtime testing required: ---
Description Agostino Sarubbo gentoo-dev 2014-05-13 13:00:17 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1097216:

The Qemu block driver for the QCOW version 1 image format is vulnerable to an
integer overflow flaw. It occurs due to weak input validation or logic errors.
Such an integer overflow could lead to buffer overflows, memory corruption or a
crash of the Qemu instance.

A user able to alter the Qemu disk image files loaded by a guest could use
this flaw to crash the Qemu instance, resulting in DoS, or to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code execution
on the host with the privileges of the QEMU process.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html


From https://bugzilla.redhat.com/show_bug.cgi?id=1097222:

The Qemu block driver for the QCOW version 1 image format is vulnerable to an
integer overflow flaw. It occurs due to weak input validation or logic errors.
Such an integer overflow could lead to buffer overflows, memory corruption or a
crash of the Qemu instance.

A user able to alter the Qemu disk image files loaded by a guest could use
this flaw to crash the Qemu instance, resulting in DoS, or to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code execution
on the host with the privileges of the QEMU process.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
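To illustrate the class of input validation the two advisories above describe (bounding the L2 table size and the image size before they feed shift and allocation arithmetic), here is an added header validator written for this page; it is not QEMU's code and does not reproduce the upstream patches. The 48-byte big-endian header layout is the QCOW v1 on-disk format; the accepted ranges, the `MAX_L1_BYTES` cap and the return codes are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>

#define QCOW1_MAGIC   0x514649fbu              /* bytes 'Q','F','I',0xfb */
#define QCOW1_HDR_LEN 48                       /* size of the v1 header */
#define MAX_L1_BYTES  (64u * 1024 * 1024)      /* assumed cap on the L1 table allocation */

static uint32_t be32(const uint8_t *p)
{ return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static uint64_t be64(const uint8_t *p) { return (uint64_t)be32(p) << 32 | be32(p + 4); }

/* Returns 0 if the header passes every check, else a negative code naming the failed one.
 * The point is to reject untrusted fields before they reach shift/size arithmetic. */
int qcow1_validate_header(const uint8_t *hdr, size_t len, uint64_t *l1_entries_out)
{
    if (len < QCOW1_HDR_LEN) return -1;
    if (be32(hdr) != QCOW1_MAGIC || be32(hdr + 4) != 1) return -2;   /* magic, version */
    uint64_t size         = be64(hdr + 24);   /* virtual disk size in bytes */
    unsigned cluster_bits = hdr[32];
    unsigned l2_bits      = hdr[33];

    /* Cluster size 512 B .. 64 KiB; anything else makes 1 << cluster_bits meaningless. */
    if (cluster_bits < 9 || cluster_bits > 16) return -3;
    /* L2 table holds 8-byte entries; require a 512 B .. 64 KiB table (2^6 .. 2^13 entries).
     * An unchecked l2_bits of, say, 200 would be undefined behaviour in 1 << l2_bits. */
    if (l2_bits < 6 || l2_bits > 13) return -4;

    unsigned shift  = cluster_bits + l2_bits;   /* at most 29 after the checks above */
    uint64_t per_l1 = (uint64_t)1 << shift;     /* bytes covered by one L1 entry */
    /* Rounding size up to a multiple of per_l1 must not wrap the 64-bit sum. */
    if (size > UINT64_MAX - (per_l1 - 1)) return -5;
    uint64_t l1_entries = (size + per_l1 - 1) >> shift;
    /* Bound the L1 table so a huge declared size cannot drive an oversized allocation. */
    if (l1_entries > MAX_L1_BYTES / sizeof(uint64_t)) return -6;

    if (l1_entries_out) *l1_entries_out = l1_entries;
    return 0;
}

/* Constructed test header: magic, version 1, size, cluster_bits, l2_bits; rest zero. */
int qcow1_check(uint64_t size, uint8_t cluster_bits, uint8_t l2_bits, uint64_t *l1_out)
{
    uint8_t h[QCOW1_HDR_LEN];
    memset(h, 0, sizeof h);
    for (int i = 0; i < 4; i++) { h[i] = (uint8_t)(QCOW1_MAGIC >> (24 - 8 * i)); }
    h[7] = 1;                                               /* version = 1 */
    for (int i = 0; i < 8; i++) { h[24 + i] = (uint8_t)(size >> (56 - 8 * i)); }
    h[32] = cluster_bits; h[33] = l2_bits;
    return qcow1_validate_header(h, sizeof h, l1_out);
}
```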
Comment 2 SpanKY gentoo-dev 2014-06-06 01:16:35 UTC
qemu-2.0.0-r1 has the fixes
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-06-09 01:47:36 UTC
(In reply to SpanKY from comment #2)
> qemu-2.0.0-r1 has the fixes

Please let us know if you are ready for stabilization?
Comment 4 Agostino Sarubbo gentoo-dev 2014-08-26 13:13:51 UTC
security, please add it to the current glsa draft.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 18:07:50 UTC
Added to existing GLSA draft
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:31:32 UTC
This issue was resolved and addressed in
 GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).