Bug 1536377 (CVE-2017-18043)

Summary: CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS
Product: [Other] Security Response
Reporter: Prasad Pandit <ppandit>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: ailan, amit, apevec, areis, berrange, cfergeau, chrisw, drjones, dwmw2, imammedo, itamar, jen, jforbes, jjoyce, jschluet, kbasil, knoel, lhh, lpeer, markmc, m.a.young, mburns, mkenneth, mrezanin, mst, pbonzini, rbryant, rjones, rkrcmar, robinlee.sysu, sclewis, slinaber, srevivo, tdecacqu, virt-maint, virt-maint, vkuznets, xen-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-06-08 03:37:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Bug Depends On: 1536379, 1536380, 1536381
Bug Blocks: 1491569

Description Prasad Pandit 2018-01-19 09:50:34 UTC
Quick Emulator (Qemu) built with a macro ROUND_UP(n, d),
used to promote number 'n' to the nearest multiple of 'd',
is vulnerable to an integer overflow issue. It could occur
if 'd' is unsigned and differs in type from 'n'.

A user/process could use this flaw to crash the Qemu process
resulting in DoS.

Upstream patch:
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854

  -> http://www.openwall.com/lists/oss-security/2018/01/19/1
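
The following is an added example, not part of the bug report and not QEMU's own code, showing the type mismatch the description names: a 64-bit 'n' rounded against a 32-bit unsigned 'd'. The macro names and bodies are assumptions made for illustration (the report does not quote the macro), and the sample inputs are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical macro names and bodies (assumptions, not quoted from QEMU).
 * d must be a power of two for the mask trick to be valid. */

/* Mask is negated in d's own type. With a 32-bit unsigned d, -(d) is a
 * 32-bit value that zero-extends when ANDed with a 64-bit n, so the upper
 * 32 bits of the result are always cleared. */
#define ROUND_UP_NARROW(n, d) (((n) + (d) - 1) & -(d))

/* The never-taken ternary branch forces the usual arithmetic conversions,
 * so d is widened to the common type of n and d before it is negated. */
#define ROUND_UP_WIDE(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))

uint64_t round_up_narrow(uint64_t n, uint32_t d) { return ROUND_UP_NARROW(n, d); }
uint64_t round_up_wide(uint64_t n, uint32_t d)   { return ROUND_UP_WIDE(n, d); }

/* Invariant a caller can assert on any rounded size before using it:
 * r is a multiple of d, not below n, and less than one step above n. */
int round_up_ok(uint64_t n, uint32_t d, uint64_t r)
{
    return r >= n && r - n < d && r % d == 0;
}

int main(void)
{
    /* Constructed sample inputs: below 4 GiB, just above it, and 2 TiB. */
    const uint64_t samples[] = { 1000, (1ULL << 32) + 1, 1ULL << 41 };
    const uint32_t d = 512;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t n = samples[i];
        uint64_t a = round_up_narrow(n, d), b = round_up_wide(n, d);
        printf("n=%" PRIu64 " narrow=%" PRIu64 " (%s) wide=%" PRIu64 " (%s)\n",
               n, a, round_up_ok(n, d, a) ? "ok" : "BAD",
               b, round_up_ok(n, d, b) ? "ok" : "BAD");
    }
    return 0;
}
```

Inputs below 4 GiB round identically in both forms, so a mismatch of this kind can pass tests that only use small sizes.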

Comment 1 Prasad Pandit 2018-01-19 09:51:04 UTC

Name: Eric Blake (Red Hat Inc.)

Comment 2 Prasad Pandit 2018-01-19 09:56:19 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1536380]

Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1536379]