| Summary: | <app-emulation/qemu-2.5.0-r1: acpi: heap based buffer overrun during VM migration (CVE-2015-8666) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2015/12/24/1 | ||
| Whiteboard: | B3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
this is included in the 2.5.0 release in the tree. no plans to backport to 2.4. The stabilization happened in bug 571566 Added to existing GLSA draft This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Qemu emulator built with the Q35 chipset based pc system emulator is vulnerable to a heap based buffer overflow. It occurs during VM guest migration, as more(16 bytes) data is moved into allocated(8 bytes) memory area. A privileged guest user could use this issue to corrupt the VM guest image, potentially leading to a DoS. This issue affects q35 machine types. Upstream fix: ------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1283722 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.