231753 – app-emulation/kvm Qemu insufficient block device address range checking (CVE-2008-0928)

Bug 231753 - app-emulation/kvm Qemu insufficient block device address range checking (CVE-2008-0928)

Summary: app-emulation/kvm Qemu insufficient block device address range checking (CVE-...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	~2 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2008-07-14 09:58 UTC by Robert Buchholz (RETIRED)
Modified:	2008-07-14 14:43 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-07-14 09:58:18 UTC

It seems this issue is still unfixed in KVM-70.
See
https://bugzilla.redhat.com/show_bug.cgi?id=433560


Jay Turner writes:
Ian Jackson discovered that accesses beyond end of qemu emulated disk devices
can result in accesses to emulator's virtual memory space accesses and thus can
allow user with sufficient privilege in guest (root, as this would need
modification to kernel's driver) to break out of VM.

Comment 1 Daniel Gryniewicz (RETIRED) gentoo-dev

2008-07-14 13:48:58 UTC

kvm-70-r1 is in the tree with this fix.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-07-14 14:43:02 UTC

Thanks.