| Summary: | <app-emulation/qemu-2.7.0-r3: virtio: null pointer dereference in virtqueu_map_desc (CVE-2016-7422) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1376755 | ||
| Whiteboard: | B3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 593038 | ||
| Bug Blocks: | |||
commit b50850bf14489740441b408a2d45f6e64d724f7d Author: Matthias Maier <tamiko@gentoo.org> Date: Sat Sep 17 23:02:53 2016 -0500 app-emulation/qemu: security fixes, ebuild maintenance bug 593956: CVE-2016-7422 bug 593950: CVE-2016-7421 bug 590230: missing use depend opengl? ( media-libs/mesa[...,gbm] ) bug 575326: update to readme.gentoo-r1 eclass Package-Manager: portage-2.2.28 Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s) - Cleanup Bug #593038 This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight). |
From ${URL} : Quick emulator(Qemu) built with the virtio framework is vulnerable to a null pointer dereference flaw. It could occur if the guest was to set the I/O descriptor buffer length to a large value. A privileged user inside guest could use this flaw to crash the Qemu instance on the host resulting in DoS. Upstream fix: ------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.