Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 616874 (CVE-2017-8380)

Summary: <app-emulation/qemu-2.9.0-r2: scsi: megasas: out-of-bounds read in megasas_mmio_write
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: qemu+disabled
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1446577
Whiteboard: B3 [glsa cve]
Package list:
app-emulation/qemu-2.9.0-r2
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 616636, 616870, 616872, 618808    

Description Agostino Sarubbo gentoo-dev 2017-04-28 13:20:59 UTC
From ${URL} :

Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
emulation support is vulnerable to an out-of-bounds read access issue. It
could occur while performing a MMIO write operation.

A privileged user inside guest could use this flaw to read host memory
leading to potentially crash the Qemu process on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2017-04-29 21:35:08 UTC
commit ea97b0c7b7466e74a67ad714b07509c752f5870c
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sat Apr 29 16:01:30 2017 -0500

    app-emulation/qemu: Various security patches for 2.9.0
    
    bug 616636, CVE-2017-8112
    bug 616870 [1]
    bug 616872 [2]
    bug 616874 [1]
    
    [1] minor change, queued upstream, no CVE assigned yet
    [2] queued upstream, no CVE assigned yet
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.2
Comment 2 Matthias Maier gentoo-dev 2017-04-29 21:35:37 UTC
Let's wait with stabilization of 2.9.0-r1 a couple of days.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2017-04-30 12:08:42 UTC
Call it whenever you are ready, This will be the main bug for stabilization.
Comment 4 Matthias Maier gentoo-dev 2017-05-18 04:28:18 UTC
Arches, please stabilize

 =app-emulation/qemu-2.9.0-r2

Target keywords: amd64 x86
Comment 5 Agostino Sarubbo gentoo-dev 2017-05-18 12:40:23 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-05-20 09:35:32 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2017-05-21 07:45:14 UTC
Maintainer(s), Thank you for your work.

One of the dependency bugs is a B2 (GLSA Required). 
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2017-06-03 14:23:31 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 9 Matthias Maier gentoo-dev 2017-06-03 14:44:20 UTC
commit c7f0b12f5a2baa48c18bc90e61ac36a43a465cd7 (HEAD -> master, origin/master, origin/HEAD)
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sat Jun 3 09:42:35 2017 -0500

    app-emulation/qemu: drop vulnerable, bug #616874
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 06:50:23 UTC
This issue was resolved and addressed in
 GLSA 201706-03 at https://security.gentoo.org/glsa/201706-03
by GLSA coordinator Yury German (BlueKnight).