| Summary: |
<app-emulation/qemu-2.8.0-r1: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb (CVE-2016-10155) |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
minor
|
CC: |
qemu+disabled
|
| Priority: |
Normal
|
|
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
http://www.openwall.com/lists/oss-security/2017/01/20/14
|
| Whiteboard: |
B4 [glsa cve] |
|
Package list:
|
|
Runtime testing required:
|
---
|
|---|
| Bug Depends on: |
608728
|
|
|
| Bug Blocks: |
|
|
|
From ${URL} : Quick Emulator(Qemu) built with the virtual hardware watchdog 'wdt_i6300esb' support is vulnerable to a memory leakage issue. It could occur while doing a device unplug operation; Doing so repeatedly would result in leaking host memory, affecting other services on the host. A privileged user inside guest could use this flaw to cause a DoS and/or potentially crash the Qemu process on the host. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1415199 Commit: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.