Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 568330 - app-emulation/qemu: DoS possibility in vmxnet3 device emulation
Summary: app-emulation/qemu: DoS possibility in vmxnet3 device emulation
Status: RESOLVED DUPLICATE of bug 567868
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://seclists.org/oss-sec/2015/q4/503
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-15 14:05 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2015-12-15 14:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-12-15 14:05:46 UTC
From ${URL}:
  Hello,

Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a memory leakage flaw. It occurs when a guest repeatedly tries to activate the vmxnet3 device.

A privileged guest user could use this flaw to leak host memory, resulting in DoS on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html


This issue was discovered by Qinghao Tang of QIHU 360 Marvel Team.

Thank you.
-- 
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-12-15 14:06:23 UTC

*** This bug has been marked as a duplicate of bug 567868 ***