Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1422656 - (CVE-2017-6000) REJECTED CVE-2017-6000 Qemu: crypto: memory leakage in qcrypto_ivgen_essiv_init
REJECTED CVE-2017-6000 Qemu: crypto: memory leakage in qcrypto_ivgen_essiv_init
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20170104,reported=2...
: Security
Depends On: 1422657
Blocks: 1410057
  Show dependency treegraph
 
Reported: 2017-02-15 13:53 EST by Prasad J Pandit
Modified: 2017-02-17 03:55 EST (History)
39 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-02-16 08:02:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Prasad J Pandit 2017-02-15 13:53:17 EST 
Quick Emulator(Qemu) built with the Crypto block IV generator - essiv support
is vulnerable to a host memory leakage issue. It could occur while initialising
the crypto device in 'qcrypto_ivgen_essiv_init'.

A guest user/process could use this flaw to leak host memory resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg00295.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/02/16/2
Comment 1 Prasad J Pandit 2017-02-15 13:53:21 EST 
Acknowledgments:

Name: Li Qiang (360.cn Inc.)
Comment 2 Prasad J Pandit 2017-02-15 13:54:30 EST 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1422657]
Comment 3 Daniel Berrange 2017-02-15 14:10:55 EST 
(In reply to Prasad J Pandit from comment #0)
> Quick Emulator(Qemu) built with the Crypto block IV generator - essiv support
> is vulnerable to a host memory leakage issue. It could occur while
> initialising
> the crypto device in 'qcrypto_ivgen_essiv_init'.
> 
> A guest user/process could use this flaw to leak host memory resulting in
> DoS.

I don't believe that analysis is correct.

qcrypto_ivgen_essiv_init() is called only from qcrypto_ivgen_new().

qcrypto_ivgen_new() is called only from qcrypto_block_qcow_init() or qcrypto_block_luks_open() or qcrypto_block_luks_create().

None of those three methods can be triggered by guest code.  They are only triggered in response to a host administrator adding a new virtual disk to QEMU.

IOW, you have a leak that only occurs during file open time in the host - it doesn't leak during guest I/O operations.
Comment 4 Daniel Berrange 2017-02-16 04:24:29 EST 
FYI I intend to close this NOTABUG unless you can show a scenario in which the guest can trigger this leak.
Comment 5 Prasad J Pandit 2017-02-16 08:02:00 EST 
Hello Dan,

(In reply to Daniel Berrange from comment #3)
> None of those three methods can be triggered by guest code.  They are only
> triggered in response to a host administrator adding a new virtual disk to
> QEMU.
> 
> IOW, you have a leak that only occurs during file open time in the host - it
> doesn't leak during guest I/O operations.

Ah I see, thank you so much for the details. Will close this as non-issue.

Thank you.
Comment 6 Daniel Berrange 2017-02-16 08:27:49 EST 
Could you also reply to the quoted oss-security mail to report that this is not in fact a vulnerability in QEMU.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.