
Bug 510234 (CVE-2014-0222)

Summary: <app-emulation/qemu-2.0.0-r1: qcow1 - validate image size and L2 table size (CVE-2014-{0222,0223})
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: cardoe, qemu+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=46485de0cb357b57373e1ca895adedf1f3ed46ec
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 510208
Bug Blocks:

Description Agostino Sarubbo gentoo-dev 2014-05-13 13:00:17 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1097216:

The Qemu block driver for the QCOW version 1 image format is vulnerable to an
integer overflow flaw. It occurs due to weak input validation or logic errors.
Such an integer overflow could lead to buffer overflows, memory corruption or a
crash of the Qemu instance.

A user able to alter the Qemu disk image files loaded by a guest could use
this flaw to crash the Qemu instance, resulting in a DoS, or to corrupt QEMU
process memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html


From https://bugzilla.redhat.com/show_bug.cgi?id=1097222:

The Qemu block driver for the QCOW version 1 image format is vulnerable to an
integer overflow flaw. It occurs due to weak input validation or logic errors.
Such an integer overflow could lead to buffer overflows, memory corruption or a
crash of the Qemu instance.

A user able to alter the Qemu disk image files loaded by a guest could use
this flaw to crash the Qemu instance, resulting in a DoS, or to corrupt QEMU
process memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
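As an added illustration of the kind of header validation the bug summary describes (bounding the L2 table size and checking that the image size cannot overflow the L1 table arithmetic), here is example code that is not QEMU's own code and not the upstream patch. The header subset, the accepted ranges and the function names are assumptions made for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>

/* Constructed subset of a QCOW v1 header: only the fields these checks use. */
struct qcow1_header {
    uint64_t size;         /* virtual disk size in bytes, read from the image file */
    uint8_t  cluster_bits; /* cluster size is 1 << cluster_bits */
    uint8_t  l2_bits;      /* an L2 table holds 1 << l2_bits uint64_t entries */
};

/*
 * Derive the number of L1 table entries from the header, rejecting values that
 * would wrap the intermediate arithmetic or imply an absurd allocation.
 * Returns the entry count, or -EINVAL for a header that must not be trusted.
 * The limits below are assumptions for this example, not QEMU's own.
 */
int64_t qcow1_l1_entries(const struct qcow1_header *h)
{
    /* L2 tables between 512 bytes and 64 KiB: each entry is 8 bytes. */
    if (h->l2_bits < 9 - 3 || h->l2_bits > 16 - 3)
        return -EINVAL;
    /* Clusters between 512 bytes and 64 KiB. */
    if (h->cluster_bits < 9 || h->cluster_bits > 16)
        return -EINVAL;

    unsigned shift = h->cluster_bits + h->l2_bits; /* log2 of bytes per L1 entry */
    uint64_t span = (uint64_t)1 << shift;          /* at most 1 << 29 after the checks */

    /* Rounding size up to a multiple of span must not wrap past UINT64_MAX. */
    if (h->size > UINT64_MAX - (span - 1))
        return -EINVAL;
    uint64_t entries = (h->size + span - 1) >> shift;

    /* The L1 table is allocated as entries * sizeof(uint64_t); keep it int-sized. */
    if (entries > INT_MAX / sizeof(uint64_t))
        return -EINVAL;
    return (int64_t)entries;
}

/* Convenience wrapper so callers can pass the raw header fields directly. */
int64_t qcow1_check(uint64_t size, uint8_t cluster_bits, uint8_t l2_bits)
{
    struct qcow1_header h = { size, cluster_bits, l2_bits };
    return qcow1_l1_entries(&h);
}
```

A sane 1 GiB image with 4 KiB clusters and 512-entry L2 tables yields 512 L1 entries, while an oversized l2_bits, a size near UINT64_MAX, or a size whose L1 table would exceed INT_MAX bytes is rejected before any allocation is sized from it.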
Comment 2 SpanKY gentoo-dev 2014-06-06 01:16:35 UTC
qemu-2.0.0-r1 has the fixes
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-06-09 01:47:36 UTC
(In reply to SpanKY from comment #2)
> qemu-2.0.0-r1 has the fixes

Please let us know if you are ready for stabilization.
Comment 4 Agostino Sarubbo gentoo-dev 2014-08-26 13:13:51 UTC
security, please add it to the current glsa draft.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 18:07:50 UTC
Added to existing GLSA draft
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:31:32 UTC
This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F).