Quick Emulator(QEMU) built with the PC System Emulator with multiboot feature support is vulnerable to an OOB memory access issue. It could occur while loading a kernel image during a guest boot if multiboot head addresses mh_load_end_addr was greater than mh_bss_end_addr. A user/process could use this flaw to potentially achieve arbitrary code execution on a host. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg01885.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2018/03/08/4
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1549799]
Acknowledgments: Name: Cyrille Chatras (Orange.com), CERT-CC (Orange.com)
This issue has been addressed in the following products: Red Hat Virtualization 4 for RHEL-7 Via RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1369
This issue has been addressed in the following products: Red Hat OpenStack Platform 8 Via RHSA-2018:1646 https://access.redhat.com/errata/RHSA-2018:1646 Red Hat OpenStack Platform 9 Via RHSA-2018:1645 https://access.redhat.com/errata/RHSA-2018:1645 Red Hat OpenStack Platform 10 Via RHSA-2018:1644 https://access.redhat.com/errata/RHSA-2018:1644 Red Hat OpenStack Platform 12 Via RHSA-2018:1643 https://access.redhat.com/errata/RHSA-2018:1643
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2462