Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 681850 (CVE-2018-20815) - <app-emulation/qemu-3.1.0-r4: device_tree: heap buffer overflow while loading device tree blob
Summary: <app-emulation/qemu-3.1.0-r4: device_tree: heap buffer overflow while loading...
Status: RESOLVED FIXED
Alias: CVE-2018-20815
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on: CVE-2019-9824
Blocks:
  Show dependency tree
 
Reported: 2019-03-27 10:27 UTC by Agostino Sarubbo
Modified: 2019-08-03 15:19 UTC (History)
2 users (show)

See Also:
Package list:
app-emulation/qemu-3.1.0-r4
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2019-03-27 10:27:00 UTC
From ${URL} :

A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load device tree blob at boot time. It 
occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type.

A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17

'CVE-2018-20815' assigned via -> https://cveform.mitre.org/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Larry the Git Cow gentoo-dev 2019-04-08 02:52:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fec2a540ce3e7cbd378287ee2837aeba6406eaf

commit 6fec2a540ce3e7cbd378287ee2837aeba6406eaf
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-04-08 02:26:43 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-04-08 02:51:08 +0000

    app-emulation/qemu: multiple security fixes for 3.1.0
    
      CVE-2018-20815
      CVE-2019-9824
    
    Bug: https://bugs.gentoo.org/681850
    Bug: https://bugs.gentoo.org/680834
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest             | 1 +
 app-emulation/qemu/qemu-3.1.0-r4.ebuild | 6 ++----
 2 files changed, 3 insertions(+), 4 deletions(-)
Comment 2 Matthias Maier gentoo-dev 2019-04-08 03:29:03 UTC
Arches, please stabilize app-emulation/qemu-3.1.0-r4
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-08 13:21:33 UTC
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-18 20:35:00 UTC
x86 stable
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2019-04-18 21:35:30 UTC
@maintainer, please clean vulnerable.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2019-04-25 00:00:40 UTC
This issue was resolved and addressed in
 GLSA 201904-25 at https://security.gentoo.org/glsa/201904-25
by GLSA coordinator Aaron Bauman (b-man).
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2019-04-25 00:01:12 UTC
re-opened for cleanup