List:       oss-security
Subject:    Re: [oss-security] CVE request: qemu host crash from within guest
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-09-26 19:39:52
Message-ID: 52448D88.20303 () redhat ! com

On 09/26/2013 12:39 PM, Vincent Danen wrote:
> Could a CVE be assigned to the following?
> 
> A dangling pointer access flaw was found in the way qemu handled 
> hot-unplugging virtio devices.  This flaw was introduced by virtio 
> refactoring and exists in the virtio-pci implementation.  When the 
> virtio-blk-pci device is deleted, the virtio-blk-device is removed
> first (removal is done in post-order).  Later, the
> virtio-blk-device is accessed again, but proxy->vdev->vq is no
> longer valid (a dangling pointer) and kvm_set_ioeventfd_pio fails.
> 
> A privileged guest user could use this flaw to crash the qemu
> process on the host system, causing a denial of service to it and
> any other running virtual machines.
> 
> References:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1012633 
> http://thread.gmane.org/gmane.comp.emulators.qemu/234440
> 

Please use CVE-2013-4377 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993