Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 607766 (CVE-2017-5667) - <app-emulation/qemu-2.8.0-r1: sd: sdhci OOB access during multi block SDMA transfer (CVE-2017-5667)
Summary: <app-emulation/qemu-2.8.0-r1: sd: sdhci OOB access during multi block SDMA tr...
Status: RESOLVED FIXED
Alias: CVE-2017-5667
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://lists.gnu.org/archive/html/qe...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on: CVE-2017-5931
Blocks:
  Show dependency tree
 
Reported: 2017-01-31 03:02 UTC by Francis Booth
Modified: 2017-02-21 00:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Francis Booth 2017-01-31 03:02:14 UTC 
Quick emulator(Qemu) built with the SDHCI device emulation support is vulnerable
to an OOB heap access issue. It could occur while doing a multi block SDMA
transfer via sdhci_sdma_transfer_multi_blocks routine.

A privileged user inside guest could use this flaw to crash the Qemu process
resulting in DoS or potentially execute arbitrary code with privileges of the
Qemu process on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/01/30/2

Reproducible: Didn't try
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-16 18:25:07 UTC 
Added to an existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-02-21 00:25:41 UTC 
This issue was resolved and addressed in
 GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-02-21 00:30:42 UTC 
This issue was resolved and addressed in
 GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28
by GLSA coordinator Thomas Deutschmann (whissi).