Bug 1112271 – CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1112271 - (CVE-2014-3471) CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest

Summary:	CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest

Status:	CLOSED ERRATA

Aliases:	CVE-2014-3471

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20140623,repor...
Keywords:	Security

Depends On:	1058321 1112274 1112532
Blocks:	1102527
	Show dependency tree / graph

Reported:	2014-06-23 09:01 EDT by Prasad J Pandit
Modified:	2016-02-10 03:18 EST (History)
CC List:	25 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-02-10 03:18:22 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Prasad J Pandit 2014-06-23 09:01:54 EDT

Qemu PCIe bus support is vulnerable to a use-after-free flaw. It could occur
via guest, when it tries to hotplug/hotunplug devices on the guest.

A user able to add & delete Virtio block devices on a guest could use this
flaw to crash the Qemu instance resulting in DoS.

Upstream fix:
-------------
  -> git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b

Comment 1 Prasad J Pandit 2014-06-23 09:12:34 EDT

Statement:

This issue does not affect the versions of kvm package as shipped with Red Hat
Enterprise Linux 5.

This issue does not affect the versions of qemu-kvm package as shipped with Red Hat Enterprise Linux 6.

This issue does not affect the versions of qemu-kvm package as shipped with Red Hat Enterprise Linux 7.

Comment 2 Prasad J Pandit 2014-06-23 09:15:02 EDT

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1112274]

Note You need to log in before you can comment on or make changes to this bug.

amit.shah
areis
berrange
carnil
cfergeau
dwmw2
ehabkost
itamar
jrusnack
juzhang
knoel
marcel
mkenneth
mrezanin
mst
mtosatti
pbonzini
pmatouse
rbalakri
rjones
rpacheco
scottt.tw
stefanha
virt-maint
virt-maint