Quick emulator (Qemu) built with the SDHCI device emulation support is vulnerable to an OOB heap access issue. It could occur while doing a multi-block SDMA transfer via the sdhci_sdma_transfer_multi_blocks routine. A privileged user inside the guest could use this flaw to crash the Qemu process, resulting in DoS, or potentially execute arbitrary code with the privileges of the Qemu process on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/01/30/2

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1417560]

Acknowledgments:

Name: Jiang Xin (Huawei PSIRT)