Back to bug 1299455
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-18 12:18:54 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-18 12:18:54 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-01-18 12:26:50 UTC | Blocks | 1299461 | |
| Prasad Pandit | 2016-01-20 10:20:44 UTC | CC | prasad | |
| Doc Text | Qemu emulator built with the USB EHCI emulation support is vulnerable to an information leakage flaw. It could occur while processing isochronous transfer descriptors(iTD), with buffer page select(PG) index that falls beyond buffer page array size. A privileged user inside guest could use this flaw to leak qemu memory bytes. | |||
| Whiteboard | impact=moderate,public=no,reported=20160118,source=researcher,cvss2=4.6/AV:L/AC:L/Au:S/C:N/I:N/A:C,cwe=CWE-125,rhel-5/kvm=new,rhel-6/qemu-kvm=new,rhel-6/qemu-kvm-rhev=new,rhel-7/qemu-kvm=new,rhel-7/qemu-kvm-rhev=new,openstack-5/qemu-kvm-rhev=new,openstack-6/qemu-kvm-rhev=new,openstack-7/qemu-kvm-rhev=new,openstack-8/qemu-kvm-rhev=new,rhev-m-3/qemu-kvm-rhev=new,fedora-all/qemu=affected,epel-all/qemu=affected | impact=low,public=20160120,reported=20160118,source=researcher,cwe=CWE-200,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | ||
| Prasad Pandit | 2016-01-20 10:24:16 UTC | Summary | EMBARGOED qemu: Out-of-bounds read in usb-echi | qemu: Out-of-bounds read in usb-echi |
| Prasad Pandit | 2016-01-20 10:24:26 UTC | Group | security, qe_staff | |
| Prasad Pandit | 2016-01-20 10:24:43 UTC | Depends On | 1300234 | |
| Prasad Pandit | 2016-01-20 10:25:02 UTC | Depends On | 1300235 | |
| Prasad Pandit | 2016-01-20 10:26:51 UTC | Summary | qemu: Out-of-bounds read in usb-echi | Qemu: usb ehci out-of-bounds read in ehci_process_itd |
| Prasad Pandit | 2016-01-20 17:00:18 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2016-01-20 12:00:18 UTC | |||
| Ján Rusnačko | 2016-01-21 09:47:29 UTC | Priority | medium | low |
| CC | jrusnack | |||
| Severity | medium | low | ||
| Martin Prpič | 2016-03-15 11:33:13 UTC | Doc Text | Qemu emulator built with the USB EHCI emulation support is vulnerable to an information leakage flaw. It could occur while processing isochronous transfer descriptors(iTD), with buffer page select(PG) index that falls beyond buffer page array size. A privileged user inside guest could use this flaw to leak qemu memory bytes. | |
| Perry Myers | 2016-04-26 15:41:18 UTC | CC | pmyers | |
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=low,public=20160120,reported=20160118,source=researcher,cwe=CWE-200,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | |
| Ondrej Soukup | 2021-06-01 15:05:24 UTC | CC | osoukup |
Back to bug 1299455