An out-of-bounds read/write access issue was found in the USB emulator of
QEMU. It occurs while processing USB packets from a guest, when
'USBDevice->setup_len' exceeds the 'USBDevice->data_buf', in
A guest user may use this flaw to crash the QEMU process, resulting in DoS, or
potentially execute arbitrary code with the privileges of the QEMU process on
Upstream commit: https://gitlab.com/qemu-project/qemu/-/commit/b946434f2659a182afc17e155be6791ebfb302eb
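The description above turns on a guest-supplied length (setup_len) being larger than the buffer it later indexes (data_buf). The following is an added example, not QEMU's code and not taken from the linked commit: a simplified model in which the length is validated in a local variable before it is stored in device state, and the data stage re-checks it. The struct, the function names and the 4096-byte buffer size are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MODEL_DATA_BUF 4096            /* assumed size for this model */

struct model_usb_dev {                 /* hypothetical, not QEMU's USBDevice */
    uint8_t  setup_buf[8];
    uint8_t  data_buf[MODEL_DATA_BUF];
    uint32_t setup_len;                /* bytes the data stage may transfer */
    uint32_t setup_index;              /* bytes already transferred */
};

/* SETUP stage: returns 0 on success, -1 (stall) if wLength is too large. */
int model_token_setup(struct model_usb_dev *d, const uint8_t pkt[8])
{
    /* wLength is little-endian in bytes 6..7 and fully guest-controlled. */
    uint32_t len = ((uint32_t)pkt[7] << 8) | pkt[6];

    if (len > sizeof(d->data_buf))
        return -1;                     /* reject; device state is untouched */

    memcpy(d->setup_buf, pkt, 8);
    d->setup_len = len;                /* commit only a validated length */
    d->setup_index = 0;
    return 0;
}

/* IN data stage: copies at most n bytes to out, returns bytes copied or -1. */
int model_token_in(struct model_usb_dev *d, uint8_t *out, uint32_t n)
{
    /* Defence in depth: re-check the invariant before indexing data_buf. */
    if (d->setup_len > sizeof(d->data_buf) || d->setup_index > d->setup_len)
        return -1;

    uint32_t left = d->setup_len - d->setup_index;
    if (n > left)
        n = left;
    memcpy(out, d->data_buf + d->setup_index, n);
    d->setup_index += n;
    return (int)n;
}

int main(void)
{
    static struct model_usb_dev d;
    const uint8_t big[8] = {0x80, 6, 0, 1, 0, 0, 0xff, 0xff}; /* constructed */
    return model_token_setup(&d, big) == -1 ? 0 : 1;
}
```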
The bug has been referenced in the following commit(s):
Author: Sergei Trofimovich <email@example.com>
AuthorDate: 2020-09-20 08:22:57 +0000
Commit: Sergei Trofimovich <firstname.lastname@example.org>
CommitDate: 2020-09-20 08:23:26 +0000
app-emulation/qemu: backport USB oob access (CVE-2020-14364)
Reported-by: John Helmert III (ajak)
Package-Manager: Portage-3.0.7, Repoman-3.0.1
Signed-off-by: Sergei Trofimovich <email@example.com>
.../files/qemu-5.1.0-usb-oob-CVE-2020-14364.patch | 90 +++
app-emulation/qemu/qemu-5.1.0-r1.ebuild | 846 +++++++++++++++++++++
2 files changed, 936 insertions(+)
Thanks. Please stable when ready.
(In reply to John Helmert III (ajak) from comment #3)
> Thanks. Please stable when ready.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Unable to check for sanity:
> no match for package: app-emulation/qemu-5.1.0-r1
(In reply to Agostino Sarubbo from comment #7)
> x86 stable.
> Maintainer(s), please cleanup.
> Security, please add it to the existing request, or file a new one.
Done in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09d8b2d015074015e7c732b8119bacf18283fe95.
This issue was resolved and addressed in
GLSA 202011-09 at https://security.gentoo.org/glsa/202011-09
by GLSA coordinator Sam James (sam_c).