Bug 1204919 (CVE-2014-9718)

Summary: CVE-2014-9718 Qemu: PRDT overflow from guest to host
Product: [Other] Security Response
Reporter: Prasad Pandit <ppandit>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: abaron, amit.shah, apevec, areis, berrange, carnil, cfergeau, chrisw, dallan, dwmw2, ehabkost, gkotton, itamar, knoel, lhh, lpeer, markmc, mkenneth, mrezanin, mtosatti, pbonzini, rbryant, rjones, sclewis, scottt.tw, srevivo, virt-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-10-21 00:44:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1205100, 1205103, 1205322, 1216968
Bug Blocks: 1169000

Description Prasad Pandit 2015-03-23 18:36:31 UTC
Upstream Qemu is vulnerable to sending malicious PRDT data to the host's
IDE and/or AHCI controller emulation. This could result in an infinite loop or memory leakage on the host, leading to unbounded resource consumption on the host.

A privileged user inside the guest could use this flaw to crash the system,
resulting in DoS.

Upstream fix:
-------------
  -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8

Comment 1 Prasad Pandit 2015-03-24 08:49:45 UTC
Statement:

This issue did not affect the versions of the kvm package as shipped with Red Hat Enterprise Linux 5 and the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6.

This issue affects the version of the qemu-kvm package as shipped with Red Hat Enterprise Linux 7; a future update may address this flaw.

Comment 3 Prasad Pandit 2015-03-24 08:54:38 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1205103]

Comment 4 Vasyl Kaigorodov 2015-03-24 17:08:11 UTC
*** Bug 1205321 has been marked as a duplicate of this bug. ***