Quick emulator (Qemu) built with the SDHCI device emulation support is vulnerable to an OOB heap access issue. It could occur while doing a multi block SDMA transfer via sdhci_sdma_transfer_multi_blocks routine.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/01/30/2

Reproducible: Didn't try
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28 by GLSA coordinator Thomas Deutschmann (whissi).