Quick Emulator (Qemu) built with Network Block Device (NBD) client support is
vulnerable to a stack buffer overflow issue. It could occur while processing
the server's response to an 'NBD_OPT_LIST' request.
A malicious NBD server could use this issue to crash a remote NBD client,
resulting in DoS, or potentially execute arbitrary code on the client host with
the privileges of the Qemu process.
Latest upstream patch - hoping it will be merged for the release candidates
Will be in qemu 2.9:
Author: Vladimir Sementsov-Ogievskiy <vsementsov>
Date: Tue Mar 7 09:16:27 2017 -0600
nbd/client: fix drop_sync [CVE-2017-2630]
Comparison symbol is misused. It may lead to memory corruption.
Introduced in commit 7d3123e.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov>
[eblake: add CVE details, update conditional]
Signed-off-by: Eric Blake <eblake>
Reviewed-by: Marc-André Lureau <marcandre.lureau>
Signed-off-by: Paolo Bonzini <pbonzini>
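The following is an added illustration, not QEMU's code and not part of the commit: a small C model of how a reversed comparison, used to choose between a fixed stack buffer and a heap buffer when discarding peer-supplied data, lets a read exceed the stack buffer. The function names, the struct and the two buffer sizes are assumptions of this model; it only computes the buffer choice and never performs the out-of-bounds write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed sizes for this model, not taken from the page. */
#define SMALL_BUF 1024   /* fixed scratch buffer on the stack */
#define MAX_CHUNK 65536  /* largest amount read in one call */

typedef struct {
    bool on_stack;    /* true: stack buffer chosen, false: heap buffer */
    size_t capacity;  /* bytes the chosen buffer can hold */
    size_t chunk;     /* bytes the first read would write into it */
} drop_plan;

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

static drop_plan make_plan(bool on_stack, size_t size) {
    drop_plan p;
    p.on_stack = on_stack;
    p.capacity = on_stack ? SMALL_BUF : min_sz(MAX_CHUNK, size);
    p.chunk = min_sz(MAX_CHUNK, size);
    return p;
}

/* Reversed test: the stack buffer is picked when it is too small. */
drop_plan plan_buggy(size_t size) { return make_plan(SMALL_BUF < size, size); }

/* Corrected test: the stack buffer is picked only when the data fits. */
drop_plan plan_fixed(size_t size) { return make_plan(SMALL_BUF >= size, size); }

/* A plan is unsafe when one read can write past the chosen buffer. */
bool overflows(drop_plan p) { return p.chunk > p.capacity; }

int main(void) {
    /* Constructed peer-controlled lengths of data to discard. */
    size_t sizes[] = { 100, 1024, 1025, 4096, 1u << 20 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        drop_plan b = plan_buggy(sizes[i]), f = plan_fixed(sizes[i]);
        printf("size=%zu buggy: %s overflow=%d | fixed: %s overflow=%d\n",
               sizes[i], b.on_stack ? "stack" : "heap", overflows(b),
               f.on_stack ? "stack" : "heap", overflows(f));
    }
    return 0;
}
```

In this model the reversed test is harmless for lengths up to the stack buffer size and unsafe for every larger length, which is why a length field taken from the server's reply is the input to validate.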
This issue has been addressed in the following products:
RHEV 4.X RHEV-H and Agents for RHEL-7
Via RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392