Quick Emulator(Qemu) built with the ac97 audio device emulation support is vulnerable to a memory leakage issue. It could occur while doing a device unplug operation; Doing so repeatedly would result in leaking host memory, affecting other services on the host. A privileged user inside guest could use this flaw to cause a DoS and/or potentially crash the Qemu process on the host. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/01/17/19
Acknowledgments: Name: Li Qiang (360.cn Inc.)
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1414111]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1414110]