Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 719266 (CVE-2020-11869) - <app-emulation/qemu-4.2.0-r6: Integer overflow in ati_2d_blt() in hw/display/ati-2d.c (CVE-2020-11869)
Summary: <app-emulation/qemu-4.2.0-r6: Integer overflow in ati_2d_blt() in hw/display/...
Status: RESOLVED FIXED
Alias: CVE-2020-11869
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-24 17:57 UTC by Sam James
Modified: 2020-05-04 01:39 UTC (History)
3 users (show)

See Also:
Package list:
app-emulation/qemu-4.2.0-r6 amd64 x86
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-04-24 17:57:04 UTC
Description:
"An integer overflow flaw was found in QEMU in the way it implemented the
ATI VGA
emulation. This flaw occurs in the ati_2d_blt() routine while handling MMIO
write
operations through ati_mm_write() callback. A malicious guest could abuse
this
flaw to crash the QEMU process, resulting in a denial of service."

Patch: https://git.qemu.org/?p=qemu.git;a=commit;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7
Comment 1 Sam James archtester gentoo-dev Security 2020-04-24 17:57:32 UTC
@maintainer(s), please apply the provided patch
Comment 2 Larry the Git Cow gentoo-dev 2020-04-24 19:59:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5295c1235bc8f39e9b30c6c1671611f8602e969

commit e5295c1235bc8f39e9b30c6c1671611f8602e969
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-04-24 19:59:21 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-04-24 19:59:37 +0000

    app-emulation/qemu: fix int overflow in ati-2d, bug #719266
    
    Direct backport of upstream ac2071c3791b67fc7af78b8ceb
    "ati-vga: Fix checks in ati_2d_blt() to avoid crash"
    
    Bug: https://bugs.gentoo.org/719266
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 .../qemu/files/qemu-4.2.0-ati-vga-crash.patch      |  94 +++
 app-emulation/qemu/qemu-4.2.0-r6.ebuild            | 834 +++++++++++++++++++++
 2 files changed, 928 insertions(+)
Comment 3 Sam James archtester gentoo-dev Security 2020-04-24 20:11:05 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-04-25 10:44:29 UTC
amd64 stable
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2020-04-25 22:49:30 UTC
Arches please finish stabilizing x86
Comment 6 Thomas Deutschmann gentoo-dev Security 2020-04-26 23:48:39 UTC
x86 stable
Comment 7 Sam James archtester gentoo-dev Security 2020-04-27 00:15:45 UTC
@maintainer(s), please cleanup
Comment 8 Larry the Git Cow gentoo-dev 2020-04-27 06:48:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea29697f54f95ce75abbd22e3935360be3f11189

commit ea29697f54f95ce75abbd22e3935360be3f11189
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-04-27 06:48:19 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-04-27 06:48:27 +0000

    app-emulation/qemu: drop old, bug #719266
    
    Bug: https://bugs.gentoo.org/719266
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 app-emulation/qemu/qemu-4.2.0-r5.ebuild | 833 --------------------------------
 1 file changed, 833 deletions(-)
Comment 9 Sam James archtester gentoo-dev Security 2020-04-27 06:49:15 UTC
Thanks all!