QEMU through version 2.10 through to 3.1.0 is vulnerable to an out-of-bounds read of up to 128 bytes in hw/i2c/i2c-ddc.c, in the i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

GitHub patch on qemu: https://github.com/qemu/qemu/commit/b05b267840515730dbf6753495d5b7bd8b04ad1c
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f34e77d4b6cf23d633c258faadd57d030f2949e

commit 9f34e77d4b6cf23d633c258faadd57d030f2949e
Author:     Tomas Mozes <hydrapolic@gmail.com>
AuthorDate: 2019-03-06 08:21:22 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2019-03-07 13:34:47 +0000

    app-emulation/xen-tools: bump to 4.10.3-r1

    Bug: https://bugs.gentoo.org/678338
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen-tools/Manifest | 1 +
 app-emulation/xen-tools/xen-tools-4.10.3-r1.ebuild | 464 +++++++++++++++++++++
 2 files changed, 465 insertions(+)
tree is clean.
Please revert https://github.com/gentoo/gentoo/commit/52e83bcaae43348e30e4365b2b43895e9d276b6e. We will be dropping 4.10.2, not 4.10.3.
(In reply to Tomáš Mózes from comment #3)
> Please revert
> https://github.com/gentoo/gentoo/commit/52e83bcaae43348e30e4365b2b43895e9d276b6e.
> We will be dropping 4.10.2, not 4.10.3.

Are you saying that 4.10.2 is not vulnerable to this vulnerability?
(In reply to Yury German from comment #4)
>
> Are you saying that 4.10.2 is not vulnerable to this vulnerability?

no, we will drop 4.10.2 .. thanks
commit 4889b9b51133c37a7fa07b1a8a577705c3893e4b (HEAD -> master)
Author: Yixun Lan <dlan@gentoo.org>
Date:   Thu Mar 28 13:43:10 2019 +0800

    app-emulation/xen-pvgrub: drop old version

    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

:100644 100644 db8f2563a580 dddb5629e41f M app-emulation/xen-pvgrub/Manifest
:100644 000000 6309f6f7a8a0 000000000000 D app-emulation/xen-pvgrub/xen-pvgrub-4.10.2.ebuild

commit 0320a73d9fc3430c02420fcbf71fa9153c0b8169
Author: Yixun Lan <dlan@gentoo.org>
Date:   Thu Mar 28 13:41:18 2019 +0800

    app-emulation/xen-tools: drop old vulnerables

    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

:100644 100644 9233cee6df2a 7b9fd93efb0a M app-emulation/xen-tools/Manifest
:100644 100644 234abc9b2ad0 6a6654a4a333 M app-emulation/xen-tools/files/gentoo-patches.conf
:100644 000000 6c5b027ed61b 000000000000 D app-emulation/xen-tools/xen-tools-4.10.2-r1.ebuild
:100644 000000 2f949b56d4ce 000000000000 D app-emulation/xen-tools/xen-tools-4.10.3-r1.ebuild

commit 57566503adf785f1b2bc3d90cd33161580101908
Author: Yixun Lan <dlan@gentoo.org>
Date:   Thu Mar 28 13:36:07 2019 +0800

    app-emulation/xen: drop old vulnerable

    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

:100644 100644 dda039512ee0 22834c78b91b M app-emulation/xen/Manifest
:100644 000000 bc238c68ed1f 000000000000 D app-emulation/xen/xen-4.10.2-r2.ebuild
(In reply to Yury German from comment #4)
> (In reply to Tomáš Mózes from comment #3)
> > Please revert
> > https://github.com/gentoo/gentoo/commit/52e83bcaae43348e30e4365b2b43895e9d276b6e.
> > We will be dropping 4.10.2, not 4.10.3.
>
> Are you saying that 4.10.2 is not vulnerable to this vulnerability?

That commit accidentally dropped 4.10.3. Thanks Yixun for dropping the vulnerable versions, cool!