Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1549798 - (CVE-2018-7550) CVE-2018-7550 QEMU: i386: multiboot OOB access while loading kernel image
CVE-2018-7550 QEMU: i386: multiboot OOB access while loading kernel image
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20180227,repor...
: Security
Depends On: 1549803 1549799 1549802 1549820 1549821 1549822 1549823 1549824 1549825 1549826 1549827 1549828 1549829 1549926 1549927
Blocks: 1547556
  Show dependency treegraph
 
Reported: 2018-02-27 15:35 EST by Prasad J Pandit
Modified: 2018-09-23 22:28 EDT (History)
41 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1369 None None None 2018-05-10 12:05 EDT
Red Hat Product Errata RHSA-2018:2462 None None None 2018-08-16 10:17 EDT

  None (edit)
Description Prasad J Pandit 2018-02-27 15:35:19 EST 
Quick Emulator(QEMU) built with the PC System Emulator with multiboot feature
support is vulnerable to an OOB memory access issue. It could occur while
loading a kernel image during a guest boot if multiboot head addresses
mh_load_end_addr was greater than mh_bss_end_addr.

A user/process could use this flaw to potentially achieve arbitrary code
execution on a host.

Upstream patch:
---------------
  -> https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg01885.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2018/03/08/4
Comment 1 Prasad J Pandit 2018-02-27 15:36:03 EST 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1549799]
Comment 5 Prasad J Pandit 2018-02-27 15:51:08 EST 
Acknowledgments:

Name: Cyrille Chatras (Orange.com), CERT-CC (Orange.com)
Comment 9 errata-xmlrpc 2018-05-10 12:04:48 EDT 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for RHEL-7

Via RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1369
Comment 10 Joshua Padman 2018-06-07 00:50:16 EDT 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 8
Via RHSA-2018:1646 https://access.redhat.com/errata/RHSA-2018:1646

  Red Hat OpenStack Platform 9
Via RHSA-2018:1645 https://access.redhat.com/errata/RHSA-2018:1645

  Red Hat OpenStack Platform 10
Via RHSA-2018:1644 https://access.redhat.com/errata/RHSA-2018:1644

  Red Hat OpenStack Platform 12
Via RHSA-2018:1643 https://access.redhat.com/errata/RHSA-2018:1643
Comment 11 errata-xmlrpc 2018-08-16 10:17:17 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2462
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.