Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support is vulnerable to a memory leakage issue. It could occur while processing MegaRAID Firmware Interface(MFI) command in 'megasas_handle_dcmd' routine. A privileged user inside guest could use this flaw to leak host memory resulting DoS issue. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/01/19
Acknowledgments: Name: Li Qiang (360.cn Inc.)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1418344]