From ${URL} :

Qemu emulator built with the Firmware Configuration device emulation support is vulnerable to an OOB r/w access issue. It could occur while processing firmware configurations, if the current configuration entry value was set to be invalid (FW_CFG_INVALID=0xffff).

A privileged (CAP_SYS_RAWIO) user/process inside the guest could use this flaw to crash the Qemu process instance, resulting in DoS, or potentially execute arbitrary code with the privileges of the Qemu process on the host.

Upstream fix:
-------------
-> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Note: that patch was written for qemu-2.3.x and isn't directly relevant to newer versions. The write code path, for example, was dropped entirely in qemu-2.4.x. The read code path was fixed upstream here: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=66f8fd9dda312191b78d2a2ba2848bcee76127a2
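To make the bug class concrete, here is an added model of the selector/entry handling that the report and the note above talk about. It is illustrative code written for this page, not QEMU's source and not the upstream patch: the struct and function names (FwCfgState, fw_cfg_select, fw_cfg_read_byte, ...), the bit positions of the write-channel and arch-local flags, and the table size are assumptions of the model; only FW_CFG_INVALID=0xffff comes from the report. The point it shows is the ordering problem: an out-of-range selector key does not fault, it just leaves cur_entry == FW_CFG_INVALID, and code that forms &entries[arch][cur_entry & mask] before testing for FW_CFG_INVALID has already computed an out-of-bounds pointer (slot 0x3fff in a table of 0x20). The hardened read does the validity check first and then bounds-checks the offset against the entry length.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Selector-key layout. FW_CFG_INVALID is the value from the report; the
 * flag bit positions and the table size are assumptions of this model. */
#define FW_CFG_INVALID       0xffffu
#define FW_CFG_WRITE_CHANNEL 0x4000u
#define FW_CFG_ARCH_LOCAL    0x8000u
#define FW_CFG_ENTRY_MASK    0x3fffu   /* key bits that index the table */
#define FW_CFG_MAX_ENTRY     0x20u     /* assumed table size */

typedef struct {
    uint32_t len;
    const uint8_t *data;     /* NULL when the slot is unused */
} FwCfgEntry;

typedef struct {
    FwCfgEntry entries[2][FW_CFG_MAX_ENTRY];  /* [arch-local?][slot] */
    uint16_t cur_entry;      /* selected key, or FW_CFG_INVALID */
    uint32_t cur_offset;     /* read cursor within the selected entry */
} FwCfgState;

/* Register a blob under a key. Returns false for out-of-range keys. */
static bool fw_cfg_add_bytes(FwCfgState *s, uint16_t key,
                             const uint8_t *data, uint32_t len)
{
    unsigned arch = !!(key & FW_CFG_ARCH_LOCAL);
    unsigned slot = key & FW_CFG_ENTRY_MASK;
    if (slot >= FW_CFG_MAX_ENTRY) {
        return false;
    }
    s->entries[arch][slot].data = data;
    s->entries[arch][slot].len = len;
    return true;
}

/* Guest writes a key to the selector. Out-of-range keys do not fault; they
 * leave cur_entry == FW_CFG_INVALID and the caller is told by the return. */
static int fw_cfg_select(FwCfgState *s, uint16_t key)
{
    s->cur_offset = 0;
    if ((key & FW_CFG_ENTRY_MASK) >= FW_CFG_MAX_ENTRY) {
        s->cur_entry = FW_CFG_INVALID;
        return 0;
    }
    s->cur_entry = key;
    return 1;
}

/* The slot an unchecked path would use when it forms its entry pointer as
 * &entries[arch][cur_entry & FW_CFG_ENTRY_MASK] before testing validity.
 * For FW_CFG_INVALID this is 0x3fff, far past FW_CFG_MAX_ENTRY. This only
 * computes the index; it deliberately never touches memory. */
static unsigned fw_cfg_unchecked_slot(uint16_t cur_entry)
{
    return cur_entry & FW_CFG_ENTRY_MASK;
}

/* Hardened data read: reject FW_CFG_INVALID before forming the entry
 * pointer, then bounds-check the offset. Yields 0 and false on refusal. */
static bool fw_cfg_read_byte(FwCfgState *s, uint8_t *out)
{
    *out = 0;
    if (s->cur_entry == FW_CFG_INVALID) {
        return false;
    }
    unsigned arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
    unsigned slot = s->cur_entry & FW_CFG_ENTRY_MASK;
    if (slot >= FW_CFG_MAX_ENTRY) {   /* unreachable after select(); defensive */
        return false;
    }
    const FwCfgEntry *e = &s->entries[arch][slot];
    if (!e->data || s->cur_offset >= e->len) {
        return false;
    }
    *out = e->data[s->cur_offset++];
    return true;
}

/* Constructed sample data: one entry in slot 1 of the non-arch table. */
static const uint8_t demo_blob[] = { 'Q', 'E', 'M', 'U' };

static void fw_cfg_demo_init(FwCfgState *s)
{
    memset(s, 0, sizeof(*s));
    s->cur_entry = FW_CFG_INVALID;
    fw_cfg_add_bytes(s, 0x0001, demo_blob, sizeof(demo_blob));
}

int main(void)
{
    FwCfgState s;
    uint8_t b;
    fw_cfg_demo_init(&s);

    fw_cfg_select(&s, 0x0001);                 /* valid key: streams "QEMU" */
    while (fw_cfg_read_byte(&s, &b)) {
        putchar(b);
    }
    putchar('\n');

    fw_cfg_select(&s, 0x3fff);                 /* out of range -> FW_CFG_INVALID */
    printf("unchecked slot for FW_CFG_INVALID: 0x%x (table holds 0x%x)\n",
           fw_cfg_unchecked_slot(s.cur_entry), FW_CFG_MAX_ENTRY);
    printf("hardened read returns %d\n", (int)fw_cfg_read_byte(&s, &b));
    return 0;
}
```

The order of operations is the whole fix: the validity test must run before the entry pointer exists, because selecting any key past the table is a legitimate, unprivileged-looking guest action that simply parks the state on FW_CFG_INVALID, and every later register access then has to cope with it.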
this is in qemu-2.5.0-r2 and is fine for stable
Added to existing GLSA.
Clean as part of bug #567420
This issue was resolved and addressed in GLSA 201604-01 at https://security.gentoo.org/glsa/201604-01 by GLSA coordinator Yury German (BlueKnight).