| Summary: | <app-emulation/qemu-2.0.0: vmxnet3: bounds checking buffer overrun (CVE-2013-4544) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | cardoe, qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1087513 | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
fixes are in the 2.0.0 release CVE-2013-4544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4544): hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : An array index bounds overrun flaw has been discovered in the vmxnet3 device as emulated by qemu. A privileged guest user could use this flaw to corrupt qemu process' memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process. Upstream fix: ------------- -> http://thread.gmane.org/gmane.comp.emulators.qemu/265562 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.