oss-sec mailing list archives

Re: CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir


From: Mauro Matteo Cascella <mcascell () redhat com>
Date: Fri, 7 May 2021 16:07:04 +0200

On Wed, May 5, 2021 at 7:09 PM Mauro Matteo Cascella
<mcascell () redhat com> wrote:

Upstream patchset:
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html

Note that the xhci patch was dropped [1] and a new USB patchset has
been proposed without it [2]. As discussed upstream, this could leave
room for unbound allocation on the heap, although more difficult to
exploit by the guest to crash the QEMU process on the host.

[1] https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
[2] https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html

-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0
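For readers unfamiliar with the bug class the subject line refers to, the following is an added illustration (not code from QEMU, usbredir or the patchset linked above) of the two allocation shapes the message contrasts: a stack buffer whose size comes straight from untrusted input, and the hardened form that bounds the length and then allocates on the heap. The cap `MAX_XFER_BYTES` and the payload bytes are constructed for this example and are not QEMU constants.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound on one transfer; constructed for this example. */
#define MAX_XFER_BYTES (64 * 1024)

/* Shape the advisory warns about: a variable-length array sized directly
 * from data the guest controls. Stack consumption scales with `len`, so a
 * sufficiently large value exhausts the stack and crashes the process.
 * Included only to show the pattern; call it with trusted small sizes. */
static int process_with_vla(const uint8_t *payload, size_t len)
{
    uint8_t buf[len];           /* guest-chosen size lands on the stack */
    memcpy(buf, payload, len);
    return buf[0];
}

/* Intermediate shape discussed in the message: moving the buffer to the
 * heap removes the stack-exhaustion crash but still lets the guest drive
 * an arbitrarily large allocation. */
static int process_heap_unbounded(const uint8_t *payload, size_t len,
                                  uint8_t *first)
{
    uint8_t *buf = malloc(len);  /* no cap: size is still guest-controlled */
    if (buf == NULL) {
        return -2;
    }
    memcpy(buf, payload, len);
    *first = buf[0];
    free(buf);
    return 0;
}

/* Hardened shape: validate the untrusted length against a fixed cap before
 * any allocation, then allocate on the heap so stack depth never depends
 * on guest input. Returns 0 on success, -1 if the length is rejected,
 * -2 if the allocation fails. */
static int process_bounded(const uint8_t *payload, size_t len, uint8_t *first)
{
    if (len == 0 || len > MAX_XFER_BYTES) {
        return -1;              /* reject instead of allocating */
    }
    uint8_t *buf = malloc(len);
    if (buf == NULL) {
        return -2;
    }
    memcpy(buf, payload, len);
    *first = buf[0];
    free(buf);
    return 0;
}

int main(void)
{
    /* Constructed sample payload standing in for a guest-supplied packet. */
    static const uint8_t payload[8] = {0x11, 0x22, 0x33, 0x44, 0, 0, 0, 0};
    uint8_t first = 0;

    int ok = process_bounded(payload, sizeof payload, &first);
    int rejected = process_bounded(payload, (size_t)MAX_XFER_BYTES + 1, &first);

    return (ok == 0 && first == 0x11 && rejected == -1) ? 0 : 1;
}
```

The point of the check in `process_bounded` is that the bound is enforced on the length value itself, before it influences any allocation; whether the buffer then lives on the stack or the heap only changes how the failure manifests, not whether the guest can trigger it.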

