Quick Emulator(Qemu) built with the Audio subsystem support is vulnerable to a host memory leakage issue. It could occur if a guest user was to repeatedly start and stop audio capture. A privileged user inside guest could use this flaw to exhaust host memory, resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/05/03/1
Acknowledgments: Name: Jiang Xin (Huawei PSIRT)
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1446521]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1446520]
qemu-2.7.1-7.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Red Hat OpenStack Platform 11.0 (Ocata) Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Red Hat OpenStack Platform 8.0 (Liberty) Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:2408 https://access.redhat.com/errata/RHSA-2017:2408