Bug 1420092 (CVE-2017-5931)

Summary: CVE-2017-5931 Qemu: virtio: integer overflow in handling virtio-crypto requests
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ailan, amit, apevec, areis, ayoung, berrange, cfergeau, chrisw, cvsbot-xmlrpc, drjones, dwmw2, imammedo, itamar, jen, jjoyce, jschluet, kbasil, knoel, lhh, lpeer, markmc, m.a.young, mkenneth, mrezanin, mst, pbonzini, rbryant, rjones, rkrcmar, sclewis, srevivo, tdecacqu, virt-maint, virt-maint, vkuznets, xen-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:07:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1409775    

Description Prasad Pandit 2017-02-07 18:52:55 UTC 
Quick Emulator(Qemu) built with the Virtio crypto device emulation support is
vulnerable to an integer overflow issue. It could occur while handling data
encryption/decryption requests in 'virtio_crypto_handle_sym_req'.

A privileged user inside guest could use this flaw to crash the Qemu process
resulting in DoS or potentially execute arbitrary code on the host with
privileges of the Qemu process.

Upstream patch:
---------------
  -> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/02/07/8
Comment 1 Prasad Pandit 2017-02-07 18:53:30 UTC 
Acknowledgments:

Name: Li Qiang (360.cn Inc.)