
Bug 607766 (CVE-2017-5667)

Summary: <app-emulation/qemu-2.8.0-r1: sd: sdhci OOB access during multi block SDMA transfer (CVE-2017-5667)
Product: Gentoo Security
Reporter: Francis Booth <boothf>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: qemu+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 608728
Bug Blocks:

Description Francis Booth 2017-01-31 03:02:14 UTC
Quick emulator (Qemu) built with the SDHCI device emulation support is vulnerable
to an OOB heap access issue. It could occur while doing a multi block SDMA
transfer via the sdhci_sdma_transfer_multi_blocks routine.

A privileged user inside the guest could use this flaw to crash the Qemu process,
resulting in DoS, or potentially execute arbitrary code with privileges of the
Qemu process on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/01/30/2

Reproducible: Didn't try
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-16 18:25:07 UTC
Added to an existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-02-21 00:25:41 UTC
This issue was resolved and addressed in
 GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-02-21 00:30:42 UTC
This issue was resolved and addressed in
 GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28
by GLSA coordinator Thomas Deutschmann (whissi).