Quick Emulator(Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2016/12/06/3
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1402266]
commit 07b026fd82d6cf11baf7d7c603c4f5f6070b35bf Author: Li Qiang <liqiang6-s> Date: Mon Nov 7 21:57:46 2016 -0800 usbredir: free vm_change_state_handler in usbredir destroy dispatch
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Red Hat OpenStack Platform 11.0 (Ocata) Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Red Hat OpenStack Platform 8.0 (Liberty) Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:2408 https://access.redhat.com/errata/RHSA-2017:2408
This issue has been addressed in the following products: RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392