A stack overflow caused by infinite recursion was found in the eepro100 i8255x device emulator of QEMU. The issue occurs while processing controller commands, due to a DMA reentrancy issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands while the shared buffers are not yet allocated, potentially leading to a use-after-free condition.
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes the rx/tx descriptor or copies an rx/tx frame, it does not check whether the destination address is its own MMIO address. This lets the device re-trigger its own MMIO handlers recursively, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
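The reentrancy pattern behind the Tulip and eepro100 flaws, and the guard that closes it, as an added example: a constructed model of an emulated NIC (hypothetical names, not QEMU's own code) whose MMIO handler issues a DMA, where a descriptor pointer aimed at the device's own MMIO window would otherwise re-enter the handler without bound.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of an emulated NIC (hypothetical, not QEMU's tulip code):
 * one MMIO window plus a flat guest-RAM buffer that DMA transfers target. */
#define MMIO_BASE 0xF0000000ull
#define MMIO_SIZE 0x100ull
#define RAM_SIZE  0x1000ull

typedef struct {
    uint8_t ram[RAM_SIZE];     /* stand-in for guest memory */
    int     in_mmio_handler;   /* reentrancy guard: set while handler runs */
    int     reentry_blocked;   /* nested MMIO entries refused by the guard */
    int     dma_ok;            /* successful DMA copies into RAM */
} Device;

static int mmio_write(Device *d, uint64_t desc_addr);

/* Bus-level write: addresses inside the MMIO window dispatch back to the
 * device's own handler (the path that made the real bug recursive); anything
 * else lands in RAM.  Returns 0 on success, -1 when refused. */
static int bus_write(Device *d, uint64_t addr, const uint8_t *buf, uint64_t len) {
    uint64_t end = addr + len;
    if (end < addr) return -1;                              /* address wrap */
    if (addr < MMIO_BASE + MMIO_SIZE && end > MMIO_BASE) {
        /* descriptor pointer lives in our MMIO window: re-enters the device */
        uint32_t val = 0;
        memcpy(&val, buf, len < 4 ? len : 4);
        return mmio_write(d, val);
    }
    if (end > RAM_SIZE) return -1;                          /* outside RAM */
    memcpy(d->ram + addr, buf, len);
    d->dma_ok++;
    return 0;
}

/* MMIO handler: the guest wrote a descriptor address, so DMA a frame there.
 * The guard refuses nested entry instead of recursing until the stack dies. */
static int mmio_write(Device *d, uint64_t desc_addr) {
    static const uint8_t frame[4] = {0xde, 0xad, 0xbe, 0xef};
    if (d->in_mmio_handler) { d->reentry_blocked++; return -1; }
    d->in_mmio_handler = 1;
    int rc = bus_write(d, desc_addr, frame, sizeof frame);
    d->in_mmio_handler = 0;
    return rc;
}
```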
The bug has been referenced in the following commit(s):
Author: Matthias Maier <email@example.com>
AuthorDate: 2023-05-05 16:19:24 +0000
Commit: Matthias Maier <firstname.lastname@example.org>
CommitDate: 2023-05-05 18:11:17 +0000
app-emulation/qemu: add 8.0.0
- merge qemu-7.2.1 and qemu-9999 ebuilds
- remove static keyword
- update to --enable-trace-backends configuration option
Signed-off-by: Matthias Maier <email@example.com>
app-emulation/qemu/Manifest | 1 +
.../qemu/files/qemu-8.0.0-disable-keymap.patch | 18 +-
app-emulation/qemu/files/qemu-8.0.0-make.patch | 9 +-
app-emulation/qemu/qemu-8.0.0.ebuild | 962 +++++++++++++++++++++
4 files changed, 978 insertions(+), 12 deletions(-)
Looks like the patch for CVE-2022-1050 is in 8.0.0 and CVE-2023-2962 in 7.2.0. Let's remove CVE-2021-20255 and proceed with this bug otherwise.
A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and a crash of QEMU.
(managed to typo the bug number)
Author: John Helmert III <firstname.lastname@example.org>
Date: Sun Oct 29 19:57:34 2023 -0700
app-emulation/qemu: drop 7.2.0-r3, 7.2.3
Signed-off-by: John Helmert III <email@example.com>