Bug 414741 (CVE-2007-6227)

Summary: CVE-2007-6227 Non-privileged user can cause the virtual CPU to crash
Product: [Other] Security Response Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dwmw2
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6227
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-12-06 20:26:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lubomir Kundrak 2007-12-06 20:02:27 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6227 to the following vulnerability:

QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.

References:

http://www.securityfocus.com/archive/1/archive/1/484429/100/0/threaded
http://www.securityfocus.com/bid/26666
Comment 1 Lubomir Kundrak 2007-12-06 20:19:27 UTC 
An unprivileged user can issue the code that crashes the virtual machine. The
problem is in the CPU emulation code and thus doesn't affect Xen and KVM as they
only use peripheral device emulation.
Comment 2 Lubomir Kundrak 2007-12-06 20:26:12 UTC 
Not vulnerable. Xen and KVM, as shipped with Red Hat Enterprise Linux 5 are not
vulnerable to this issue, as they normally use only peripheral device emulation
of QEMU. In case KVM is attempted to be used and not supported by hardware, QEMU
CPU emulation code that is vulnerable to this issue is used, whis allow and
unprivileged user to cause a virtual machine crash. Red Hat does not consider
this a security issue as using KVM without hardware support for production
purposes is strongly discouraged.
Comment 3 Ville Skyttä 2007-12-09 19:37:42 UTC 
What about the standalone QEMU in Fedora?
Comment 4 Lubomir Kundrak 2007-12-09 19:46:16 UTC 
Ville standalone QEMU is affected. However due to the nature of the problem it
is not considered a security issue and is not to be handled differently than any
other bug.