1500749 – Qemu: I/O: potential memory exhaustion via websock channel

Bug 1500749 - Qemu: I/O: potential memory exhaustion via websock channel

Summary: Qemu: I/O: potential memory exhaustion via websock channel

Keywords:
Status:	CLOSED DUPLICATE of bug 1496879
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1496886
TreeView+	depends on / blocked

Reported:	2017-10-11 12:06 UTC by Prasad Pandit
Modified:	2019-09-29 14:24 UTC (History)
CC List:	39 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-10-11 12:11:02 UTC
Embargoed:

Attachments	(Terms of Use)

Description Prasad Pandit 2017-10-11 12:06:51 UTC

Quick Emulator(Qemu) built with the I/O channels websockets support is
vulnerable to a memory leakage issue. It could occur while sending screen
updates to a client, which is slow to read and process them further.

A privileged guest user could use this flaw to cause a DoS on the host
and/or potentially crash the Qemu process instance on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html

Reference:
----------
  -> https://bugs.launchpad.net/qemu/+bug/1718964

Comment 1 Prasad Pandit 2017-10-11 12:11:02 UTC


*** This bug has been marked as a duplicate of bug 1496879 ***

Note You need to log in before you can comment on or make changes to this bug.

ailan
amit
apevec
areis
berrange
cfergeau
chrisw
drjones
dwmw2
imammedo
itamar
jen
jforbes
jjoyce
jschluet
kbasil
knoel
lhh
lpeer
markmc
m.a.young
mburns
mkenneth
mrezanin
mst
pbonzini
rbalakri
rbryant
rjones
rkrcmar
robinlee.sysu
sclewis
slinaber
srevivo
tdecacqu
virt-maint
virt-maint
vkuznets
xen-maint