| Summary: | <app-emulation/qemu-2.5.0-r2: usb ehci out-of-bounds read in ehci_process_itd | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1299455 | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 578044 | ||
| Bug Blocks: | |||
fixed landed upstream here: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=49d925ce50383a286278143c05511d30ec41a36e this is in qemu-2.5.0-r2 and is fine for stable Added to existing GLSA. Clean as part of bug #567420 This issue was resolved and addressed in GLSA 201604-01 at https://security.gentoo.org/glsa/201604-01 by GLSA coordinator Yury German (BlueKnight). |
From ${URL} : Qemu emulator built with the USB EHCI emulation support is vulnerable to an information leakage flaw. It could occur while processing isochronous transfer descriptors(iTD), with buffer page select(PG) index that falls beyond buffer page array area. A privileged user inside guest could use this flaw to leak qemu memory bytes. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03604.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.