Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support is vulnerable to a null pointer dereference issue. It could occur while releasing a client, which was not initialised due to failed negotiation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html -> https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/06/12/1
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1460173]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1460172]
(In reply to Prasad J Pandit from comment #0) > Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support > is vulnerable to a null pointer dereference issue. It could occur while > releasing a client, which was not initialised due to failed negotiation. > > A remote user/process could use this flaw to crash the qemu-nbd server > resulting in DoS. > > Upstream patch: > --------------- > -> https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html > -> https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html The description, while factually correct, is incomplete. The real problem is that qemu-nbd must NOT exit due to a port scan. The fact that it was exiting due to a segmentation fault makes it a little more obvious that the code was buggy, but even if NO null pointer dereference occurred, there is STILL a denial of service if a well-timed port scan is able to cause qemu-nbd to exit prior to an actual client being able to connect.
This issue has been addressed in the following products: RHEV 3.X Hypervisor and Agents for RHEL-7 RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:1682 https://access.redhat.com/errata/RHSA-2017:1682
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1681 https://access.redhat.com/errata/RHSA-2017:1681
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Red Hat OpenStack Platform 11.0 (Ocata) Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Red Hat OpenStack Platform 8.0 (Liberty) Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:2408 https://access.redhat.com/errata/RHSA-2017:2408