'[oss-security] Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configur'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configur
From:       cve-assign () mitre ! org
Date:       2016-05-26 18:22:31
Message-ID: 20160526182231.A7D0A52E007 () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
> emulation support is vulnerable to an information leakage issue. It could
> occur while processing MegaRAID Firmware Interface(MFI) command to read device
> configuration in 'megasas_dcmd_cfg_read'.
> 
> A privileged user inside guest could use this flaw to leak host memory bytes.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1339583

>> When reading MegaRAID SAS controller configuration via MegaRAID
>> Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read
>> uses an uninitialised local data buffer. Initialise this buffer
>> to avoid stack information leakage.

Use CVE-2016-5105.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/scsi/megasas.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXRzxiAAoJEHb/MwWLVhi2qVUP/AsvBiRL5zXD4C4Kx/LCRyCE
PbG+dd7HH27fm5UHvev40MLvZ9tXQok3hV2XlMMBvvLzkIwFfxYA67qOmJJAF76d
ae200JbEbdIKYF8EMANPzbh4xKZ/bpRD8cD43kBWpvr0oGzHsJzP7K1147844kFx
R9nT3b18k18YhbxO/kEGi4ssDoFx3Orqrdi6mYQWU6UeZQtwkjTpGOg0pKFubtoW
htAhGT/8LPS4NxzVyCcAhLRb8Gk403IlmHnB3b/T7frUcx6hjSJqVm2mShAO5tT3
iLYPjDcbljFjhQ9KFuFcflDKRFoZU5eQjFyx0kJ99QqlnmvPmOB0ks9RYWfUROWq
7D7s3SW8jmqK8Q1LcANHw3hDYNabVQzrY+R31fAM/BmhmdWzlDIDXs/z/lXBzsdk
gQkDbOD4Zizfi9XwN+Su2wp8ZkG25tO5t5je0au+irHck53lPzJYI6UgKWw82O1S
lEsMZj8dvn+qcOvOYZrQr/awQ13nz+1VjbwiOn4Ce0cS35mRXAMYM2uRvj7NIVrR
qZrSavg/TN+tOAxKKDcrLyipwoSBtjeXyGp22MWYv+es2jdt9RJ9RFDl6mrlOy2i
eV0KPnXpEYqqGRrLaYLYUPAosfYyQiHW0aMIpMOKNNJ++Fw2SgeJGGu/W5fsdUW/
StE1XDD/7pcOjCT2bJw5
=kowa
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic