| Summary: | <app-emulation/qemu-2.0.0: out of bounds buffer accesses, guest triggerable via IDE SMART (CVE-2014-2894) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | cardoe, qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1087971 | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 507796 | ||
| Bug Blocks: | |||
Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=940973ae0b45c9b6817bab8e4cf4df99a9ef83d7 ok, but that's in qemu-2.0.0 already There was a comment on the mailing list about earlier stable branches:
> Should also be fixed in the stable branch of earlier releases. The bug
> is present since SMART emulation was added in 2009.
Can the Maintainers confirm if this is vulnerable in previous versions?
This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : An out of bounds memory access flaw was found in Qemu's IDE device model. It leads to Qemu's memory corruption via buffer overwrite(4 bytes). It occurs while executing IDE SMART commands. A user on guest could use this flaw to corrupt Qemu process's memory on the host. Upstream fix: ------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.