
List:       oss-security
Subject:    [oss-security] CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
From:       Mauro Matteo Cascella <mcascell () redhat ! com>
Date:       2020-12-16 17:05:58
Message-ID: CAA8xKjXKseHt=cdka4K5+hQCXTD88=uyKxYJ-UQW6+ZoczTp2A () mail ! gmail ! com

Hello,

A flaw was found in the memory management API of QEMU during the
initialization of a memory region cache. This flaw could lead to an
out-of-bounds access of the Message Signalled Interrupt (MSI-X) table
while performing MMIO operations. A privileged guest user may abuse
this issue to crash the QEMU process on the host, resulting in a
denial of service.

Upstream fix:
https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442

This issue was reported by Alexander Bulekov (cc'd).
CVE-2020-27821 was assigned by Red Hat Inc.

Best regards.
-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0
