oss-sec mailing list archives
Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array
From: saar amar <saaramar5 () gmail com>
Date: Tue, 18 Dec 2018 11:44:32 +0200
Thanks all :) I'm happy it fixed, thanks for the response guys! I'm wondering why it says "DOS" and not "execute arbitrary code on the host, in the context of the QEMU process"? I have stack overflow, it pretty clear I could gain more than simple DOS:) What do your day? On Tue, 18 Dec 2018, 10:53 P J P <ppandit () redhat com wrote:
Hello, An out-of-bound stack buffer r/w access issue was found in QEMU's generic RDMA back-end implementation. It could occur when a driver tries to build scatter/gather element's array in build_host_sge_array() routine. A guest user/process could use this flaw to crash the QEMU process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html This issue was reported by Saar Amar. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Current thread:
- CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar (Dec 18)
- Re: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array Agostino Sarubbo (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar (Dec 18)