[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: Out-of-bands write issue found in qemu
From: P J P <ppandit () redhat ! com>
Date: 2016-04-27 6:35:10
Message-ID: alpine.LFD.2.20.1604271151190.13938 () wniryva
[Download RAW message or body]
+-- On Wed, 27 Apr 2016, ÀîÇ¿ wrote --+
| The qemu has an out-of-bands bug in uart_write() function.
|
| In uart_write() function from hw/char/cadence_uart.c, the ¡®offset¡¯ isn¡¯t
| checked and after it is divided by 4 and used to index the ¡®r¡¯ array, it
| will cause an out-of-bands memory write. The value can be controlled by
| guest and can cause the qemu crash or code execution on host.
|
| The patch is here:
| https://lists.nongnu.org/archive/html/qemu-devel/2016-04/msg02711.html
Not sure if this should need a CVE, awaiting upstream confirmation on the
same.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic