Bug 2390333 (CVE-2025-29365)
| Summary: | CVE-2025-29365 spim: Buffer Overflow in READ_STRING_SYSCALL | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A simulator escape vulnerability has been identified in Spim Simulator, which occurs in the READ_STRING_SYSCALL system call of the SPIM simulator virtual machine. When an attempt is made to set the starting write address at the boundary of the virtual machine's memory, and the write length exceeds the virtual machine's memory range, a heap buffer overflow occurs during the READ_STRING_SYSCALL system call. This corrupts the host's memory, which then allows for an escape from the virtual machine.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2390736, 2390737 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-08-22 16:02:13 UTC
|