| Summary: | <app-emulation/qemu-2.4.1-r2: pci: msi-x: null pointer dereference issue (CVE-2015-7549) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2015/12/14/2 | ||
| Whiteboard: | B3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
fixed with 2.4.1-r2. fine for stable. http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75d0202d68b81bc06d451b574670d8374751789f amd64/x86 stable Maintainer please cleanup cleanup done by vapier Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Qemu emulator built with the PCI MSI-X support is vulnerable to null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array(PBA) memory region. Because the MSI-X MMIO support did not define the .write method. A privileges used inside guest could use this flaw to crash the Qemu process resulting in DoS issue. Upstream fix: ------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b754285 CVE-2015-7549 has been assigned to this issue by Red Hat Inc. This issue was reported by Qinghao Tang of QIHU 360 Marvel Team. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.