
Bug 628498 (CVE-2017-12809)

Summary: <app-emulation/qemu-2.10.0: Qemu: ide: flushing of empty CDROM drives leads to NULL dereference (CVE-2017-12809)
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: qemu+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://seclists.org/oss-sec/2017/q3/332
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 629350
Bug Blocks:

Description D'juan McDonald (domhnall) 2017-08-21 12:33:40 UTC
From $URL:

Quick emulator built with the IDE disk and CD/DVD-ROM Emulator support is
vulnerable to a null pointer dereference issue. It could occur while flushing
an empty CDROM device drive.

A privileged user inside the guest could use this flaw to crash the Qemu process,
resulting in DoS.

Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html

'CVE-2017-12809' assigned via ->
http://seclists.org/oss-sec/2017/q3/332
Comment 1 D'juan McDonald (domhnall) 2017-08-22 05:22:08 UTC
@Maintainer(s): Please follow procedure to close this report. Thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Comment 2 D'juan McDonald (domhnall) 2017-08-22 12:35:01 UTC
Source: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01841.html

Patch 1/4
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html

Patch 2/4
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01580.html

Patch 3/4
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01581.html

Patch 4/4
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01582.html


@maintainer(s), if possible please test, then follow procedure to stabilize and close this report. Thank you!

Daj'Uan (mbailey_j)
Gentoo Security Scout
Comment 3 Matthias Maier gentoo-dev 2017-09-01 02:02:27 UTC
Patches 1 and 2 are applied upstream in version 2.10.0.

Patches 3 and 4 are rejected upstream and a related fix is in progress. I believe the immediate problem with CVE-2017-12809 is resolved by patches 1 + 2.