Date: Thu, 7 Sep 2017 15:43:37 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Thomas Garnier <thgarnie@...gle.com>
Subject: CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image

Hello,

Quick Emulator (Qemu) built with the PC System Emulator with multiboot feature support is vulnerable to an OOB r/w memory access issue. It could occur due to an integer overflow while loading a kernel image during a guest boot.

A user/process could use this flaw to potentially achieve arbitrary code execution on a host.

Upstream patch:
---------------
  -> https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1489375

This issue was reported by Thomas Garnier of Google.com.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
----------------------------------------------------------

Daj Uan (jmbailey/mbailey_j) Gentoo Security Padawan
Security, please reassess severity.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23224f9e55bfc2ec41c8a8906a44e60791de07b5

commit 23224f9e55bfc2ec41c8a8906a44e60791de07b5
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2017-11-12 20:10:34 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2017-11-12 20:22:03 +0000

    app-emulation/qemu: Version bump to 2.10.1, various security fixes

    Bug: https://bugs.gentoo.org/630432
    Bug: https://bugs.gentoo.org/633822
    Bug: https://bugs.gentoo.org/634070
    Bug: https://bugs.gentoo.org/634148
    Package-Manager: Portage-2.3.8, Repoman-2.3.4

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-2.10.0-CVE-2017-13711.patch    |  80 ---
 .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch    |  54 ++
 .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch    |  58 ++
 app-emulation/qemu/qemu-2.10.1.ebuild              | 796 +++++++++++++++++++++
 5 files changed, 909 insertions(+), 80 deletions(-)
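The advisory quoted above attributes the out-of-bounds access to an integer overflow in the multiboot loader's size computation. The C program below is an added illustration of that bug class and its mitigation; it is not QEMU's loader code and not the upstream patch. It places a naive unsigned subtraction of two guest-controlled header addresses next to a checked version that validates ordering and range before any size is trusted. Field names follow the Multiboot specification's address fields; the struct layout, function names, file offsets and sample header values are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address fields of a Multiboot header (field names as in the Multiboot
 * specification). Constructed struct for this illustration; not QEMU's code. */
struct mb_addrs {
    uint32_t header_addr;    /* physical address of the header itself */
    uint32_t load_addr;      /* physical address where the text segment starts */
    uint32_t load_end_addr;  /* end of data segment; 0 = "to end of file" */
    uint32_t bss_end_addr;   /* end of bss; 0 = "no bss" */
};

struct mb_layout {
    size_t   text_offset;    /* file offset at which loading begins */
    uint32_t load_size;      /* bytes copied from the kernel file */
    uint32_t mem_size;       /* bytes reserved in guest memory (load + bss) */
};

/* The unsafe pattern: two header-controlled 32-bit values subtracted with no
 * ordering check. If load_end_addr < load_addr the result wraps to a value
 * near 4 GiB, and a later copy of that many bytes runs past both the file
 * buffer and the guest RAM region that was sized from the same numbers. */
uint32_t naive_load_size(const struct mb_addrs *h)
{
    return h->load_end_addr - h->load_addr;
}

/* Hardened version: every derived quantity is validated before use.
 * header_offset is where the header was found inside the kernel file,
 * file_size is the kernel file length. Returns false on any inconsistency. */
bool checked_layout(const struct mb_addrs *h, size_t header_offset,
                    size_t file_size, struct mb_layout *out)
{
    if (header_offset >= file_size)
        return false;

    /* The header must lie inside the region the loader will copy, and the
     * copy must start at a non-negative file offset. */
    if (h->header_addr < h->load_addr)
        return false;
    uint32_t header_rel = h->header_addr - h->load_addr;
    if (header_rel > header_offset)
        return false;
    size_t text_offset = header_offset - header_rel;

    /* 64-bit arithmetic from here on so no intermediate sum can wrap. */
    uint64_t load_size;
    if (h->load_end_addr == 0) {
        load_size = file_size - text_offset;
    } else {
        if (h->load_end_addr < h->load_addr)
            return false;                  /* exactly the case that wraps above */
        load_size = (uint64_t)h->load_end_addr - h->load_addr;
    }
    if ((uint64_t)text_offset + load_size > file_size)
        return false;                      /* would read past the file buffer */

    uint64_t mem_size = load_size;
    if (h->bss_end_addr != 0) {
        if ((uint64_t)h->bss_end_addr < (uint64_t)h->load_addr + load_size)
            return false;                  /* bss cannot end before data does */
        mem_size = (uint64_t)h->bss_end_addr - h->load_addr;
    }
    /* The whole image must fit in the 32-bit physical address space. */
    if ((uint64_t)h->load_addr + mem_size > UINT32_MAX + 1ULL)
        return false;

    out->text_offset = text_offset;
    out->load_size = (uint32_t)load_size;
    out->mem_size = (uint32_t)mem_size;
    return true;
}

int main(void)
{
    /* Constructed headers: one consistent, one with load_end_addr below
     * load_addr. Header found at file offset 0x40 of a 64 KiB kernel file. */
    struct mb_addrs good = { 0x100040, 0x100000, 0x110000, 0x120000 };
    struct mb_addrs bad  = { 0x100040, 0x100000, 0x0F0000, 0 };
    struct mb_layout lo;

    if (checked_layout(&good, 0x40, 0x10000, &lo))
        printf("good: load %u bytes from offset %zu, reserve %u bytes\n",
               lo.load_size, lo.text_offset, lo.mem_size);

    printf("bad: naive size 0x%08x, checked accepts: %s\n",
           naive_load_size(&bad),
           checked_layout(&bad, 0x40, 0x10000, &lo) ? "yes" : "no");
    return 0;
}
```

Validation order matters: the relative header position is checked before it is subtracted from the file offset, and the data end is checked before the bss end, so each step only consumes values the previous step has already proven sane.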