1205321 – qemu: malicious PRDT flow from guest to host

Bug 1205321 - qemu: malicious PRDT flow from guest to host

Summary: qemu: malicious PRDT flow from guest to host

Keywords:
Status:	CLOSED DUPLICATE of bug 1204919
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1205322 1205323
Blocks:
TreeView+	depends on / blocked

Reported:	2015-03-24 16:44 UTC by Vasyl Kaigorodov
Modified:	2019-09-29 13:30 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-24 17:08:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vasyl Kaigorodov 2015-03-24 16:44:52 UTC

Due to inconsistent error checking, Qemu emulator allows malicious PRDT data to flow from a guest to the host's IDE or AHCI controllers. This could result in infinite loop or memory leakage on the host leading to unbounded resource consumption.

A privileged user inside guest could use this flaw to crash the system,
resulting in DoS.

Upstream fix: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8
CVE request: http://seclists.org/oss-sec/2015/q1/984

Comment 1 Vasyl Kaigorodov 2015-03-24 16:45:22 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1205322]
Affects: epel-all [bug 1205323]

Comment 2 Vasyl Kaigorodov 2015-03-24 17:08:11 UTC


*** This bug has been marked as a duplicate of bug 1204919 ***

Note You need to log in before you can comment on or make changes to this bug.