
Bug 649616 (CVE-2018-7550)

Summary: <app-emulation/qemu-2.11.1-r1: i386: multiboot OOB access while loading kernel image
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: qemu+disabled
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 651668

Description Agostino Sarubbo gentoo-dev 2018-03-05 09:22:27 UTC
From ${URL} :

Quick Emulator (QEMU) built with the PC System Emulator with multiboot feature
support is vulnerable to an OOB r/w memory access issue. It could occur while
loading a kernel image during a guest boot if the multiboot header address
mh_load_end_addr was greater than mh_bss_end_addr.

A user/process could use this flaw to potentially achieve arbitrary code
execution on a host.

Upstream patch:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
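An added illustration of the size check the report describes (example code written for this page, not QEMU's own patch; the header struct, the constructed headers and the function names are assumptions). A loader derives the bytes to copy from mh_load_end_addr and the buffer size from mh_bss_end_addr, so a header with load_end past bss_end makes the copy overrun the buffer unless the ordering is checked first:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed subset of the Multiboot a.out-kludge header fields (not QEMU's own struct). */
struct mb_aout_hdr {
    uint32_t load_addr;     /* physical address the text segment is loaded at */
    uint32_t load_end_addr; /* end of the bytes copied from the image file */
    uint32_t bss_end_addr;  /* end of the zero-filled bss region */
};

/* Derive load_size (bytes read from the image) and kernel_size (buffer: text+data+bss),
 * rejecting inconsistent headers.  Returns 0 on success, -1 if the header is rejected. */
int mb_check_sizes(const struct mb_aout_hdr *h, uint32_t *load_size, uint32_t *kernel_size)
{
    if (h->load_end_addr < h->load_addr) return -1;    /* load region runs backwards */
    if (h->bss_end_addr < h->load_end_addr) return -1; /* the report's condition: load_end > bss_end */
    *load_size = h->load_end_addr - h->load_addr;      /* now guaranteed <= kernel_size */
    *kernel_size = h->bss_end_addr - h->load_addr;
    return 0;
}

/* How far past a kernel_size buffer an unchecked copy of load_size bytes would write. */
uint32_t mb_unchecked_overrun(const struct mb_aout_hdr *h)
{
    uint32_t load_size = h->load_end_addr - h->load_addr;
    uint32_t kernel_size = h->bss_end_addr - h->load_addr;
    return load_size > kernel_size ? load_size - kernel_size : 0;
}

/* Simulated load into a bounded buffer; returns bytes copied, or -1 if rejected. */
int mb_load_kernel(const struct mb_aout_hdr *h, const uint8_t *image, size_t image_len, uint8_t *buf, size_t buf_len)
{
    uint32_t load_size, kernel_size;
    if (mb_check_sizes(h, &load_size, &kernel_size)) return -1;
    if (kernel_size > buf_len || load_size > image_len) return -1;
    memset(buf, 0, kernel_size); /* bss is zero-filled */
    memcpy(buf, image, load_size);
    return (int)load_size;
}

/* Constructed sample headers, not taken from a real image. */
const struct mb_aout_hdr good_hdr = {0x00100000, 0x00100400, 0x00101000};
const struct mb_aout_hdr bad_hdr  = {0x00100000, 0x00102000, 0x00101000}; /* load_end > bss_end */
/* Attempt a load with a 0x2000-byte image into a 0x1000-byte kernel buffer. */
int mb_try_load(const struct mb_aout_hdr *h)
{
    static uint8_t image[0x2000], buf[0x1000];
    return mb_load_kernel(h, image, sizeof image, buf, sizeof buf);
}
```

With the check in place the inconsistent header is rejected before any copy; without it the same header would write 0x1000 bytes past the end of the kernel buffer.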
Comment 1 Larry the Git Cow gentoo-dev 2018-03-18 20:02:04 UTC
The bug has been referenced in the following commit(s):

commit 927222f7ee40d2289d759ea2bceee1cc68d81a32
Author:     Matthias Maier <>
AuthorDate: 2018-03-18 19:33:04 +0000
Commit:     Matthias Maier <>
CommitDate: 2018-03-18 20:01:50 +0000

    app-emulation/qemu: 2.11.1: apply security patches
         * disable capstone
         * apply patch for CVE-2018-7550
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/qemu-2.11.1-r1.ebuild | 805 +++++++++++++++++++++++++++++++
 1 file changed, 805 insertions(+)

commit 46d903c2665d2910a22d78656c5f7bafdf702135
Author:     Matthias Maier <>
AuthorDate: 2018-03-18 19:08:44 +0000
Commit:     Matthias Maier <>
CommitDate: 2018-03-18 20:01:49 +0000

    app-emulation/qemu: 2.11.1: New binary blob pinning, CVE patches, maintenance
     * new binary blobs pinning
       keyword ebuild
     * fix include path for capstone, bug 647570
     * add USE=capstone support, bug 647570
     * apply patch for CVE-2018-7550
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/Manifest                                 |  1 +
 .../qemu/files/qemu-2.11.1-capstone_include_path.patch      | 11 +++++++++++
 app-emulation/qemu/metadata.xml                             |  1 +
 .../qemu/{qemu-2.11.1-r50.ebuild => qemu-2.11.1-r51.ebuild} | 13 ++++++-------
 4 files changed, 19 insertions(+), 7 deletions(-)
Comment 2 Matthias Maier gentoo-dev 2018-03-18 20:17:01 UTC
Patch added to 2.11.1-r1. Arches, please stabilize.
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-03-19 08:12:09 UTC
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-29 14:54:10 UTC
x86 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-29 15:23:56 UTC
x86 stable
Comment 6 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-08 17:36:24 UTC
New GLSA Request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2018-04-08 23:32:33 UTC
This issue was resolved and addressed in
 GLSA 201804-08 at
by GLSA coordinator Aaron Bauman (b-man).