'[oss-security] Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access
From:       <cve-assign () mitre ! org>
Date:       2016-10-30 19:42:59
Message-ID: a3bc645664c34b6dbfe5aa8b76797692 () imshyb02 ! MITRE ! ORG
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9
> File System(9pfs) support, is vulnerable to an integer overflow issue. It
> could occur by accessing xattributes values.
> 
> A privileged user inside guest could use this flaw to crash the Qemu process
> instance resulting in DoS.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html

>> Fix this by comparing the offset and the xattr size, which are
>> both uint64_t, before trying to compute the effective number of bytes
>> to read or write.

Use CVE-2016-9104.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/9pfs/9p.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYFkuAAAoJEHb/MwWLVhi2fJwQAKH7JgohXVJh8HsReYgIUaBD
pa9ceIq+t77Ddd8uS0N7srXQnZCXTkM+PKxKLW2cvBtZviUvF0wYCuoUIR3dh66e
L9otE6tlEUQIMSXFuzWsUNhxQfQRYhdU1x9PuraPdcFSHE881xm9UWkg4L7PXcrL
m2YS9A2kxniOjVTEWgv/Wt7Ay/hbzKX++asyBq1MomGeKQooy279xgU+C9oly8mV
Zs6jdxpKcOElyC7qAW9Bn0jQ5FN10mWIBWX6C38MjjpGrtxKJS87gPpz/j2BKNTZ
+JoqjDimpbEvv7PXUXMBzLa19lkJmQS9pAvbnvcVyG7IcAwBCLLP0s0Uvldmd6vX
2vh/vSrQ2TTktZYxhEy0CMgn5+viynrF0nMZHs2Oc//XS2dsdk/EGsRb9J7q/Oma
UX1QGfJ/mPekHKhT8uprlpOb2IQKQX6w+GnTWexqWpbT5E/CCsuIHtiYtOxvMCAJ
qHpXE1apcW66f6lNpGu4W2KDQ+4QZoK8wk7Eo+s36QqYuPO4K0C1h/jJoGvqqcoj
byN7na2s/ZgGukxK4XOEbIpVxOuJhskf4OuXo1bz4pBhhAo8qtMf4w5bA9j5m0kJ
Q/V2lN9fiK3CewzS0kLCarid7HRBAHqlETG+5ULKZvfJOFu9Mu3FrGSZGKDYCnAP
lxrzglHL0JsqKlqwaY5U
=ja9u
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic