Bug 507790 (CVE-2014-2894) - <app-emulation/qemu-2.0.0: out of bounds buffer accesses, guest triggerable via IDE SMART (CVE-2014-2894)
Summary: <app-emulation/qemu-2.0.0: out of bounds buffer accesses, guest triggerable v...
Status: RESOLVED FIXED
Alias: CVE-2014-2894
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa]
Keywords:
Depends on: CVE-2014-0150
Blocks:
Reported: 2014-04-16 07:45 UTC by Agostino Sarubbo
Modified: 2014-08-31 11:31 UTC
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Agostino Sarubbo gentoo-dev 2014-04-16 07:45:54 UTC
From ${URL}:

An out of bounds memory access flaw was found in Qemu's IDE device model.
It leads to Qemu's memory corruption via a buffer overwrite (4 bytes). It occurs
while executing IDE SMART commands.

A user on a guest could use this flaw to corrupt the Qemu process's memory on the
host.

Upstream fix:
-------------
    -> https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
Comment 2 SpanKY gentoo-dev 2014-05-06 18:27:43 UTC
ok, but that's in qemu-2.0.0 already
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2014-05-07 20:15:08 UTC
There was a comment on the mailing list about earlier stable branches:

> Should also be fixed in the stable branch of earlier releases. The bug
> is present since SMART emulation was added in 2009.

Can the Maintainers confirm if this is vulnerable in previous versions?
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:31:04 UTC
This issue was resolved and addressed in
GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).