From ${URL} : Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support is vulnerable to a memory leakage issue. It could occur while processing MegaRAID Firmware Interface(MFI) command in 'megasas_handle_dcmd' routine. A privileged user inside guest could use this flaw to leak host memory resulting DoS issue. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1418342 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28 by GLSA coordinator Thomas Deutschmann (whissi).
