| Summary: | <app-emulation/qemu-2.9.0-r55: exec: oob access during dma operation | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1471638 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 625614 | ||
| Bug Blocks: | |||
commit e67f10960bca69fdede54d77eb54c4ab72b98d08 Author: Matthias Maier <tamiko@gentoo.org> Date: Wed Jul 26 12:10:46 2017 -0500 app-emulation/qemu: security fixes CVE-2017-11334, bug #621292 CVE-2017-11434, bug #625614 CVE-2017-9503, bug #621184 CVE-2017-9524, bug #621292 Package-Manager: Portage-2.3.6, Repoman-2.3.3 |
From ${URL} : Qemu emulator built to use 'qemu_map_ram_ptr' to access guests' ram block area is vulnerable to a OOB r/w access issue. It could occur during a DMA operation. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.