An out-of-bounds stack buffer read/write access issue was found in QEMU's generic RDMA back-end implementation. It could occur when a driver tries to build the scatter/gather element array in the build_host_sge_array() routine. A guest user/process could use this flaw to crash the QEMU process, resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2018/12/18/2
Acknowledgments: Name: Saar Amar
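An added illustration of this bug class, not QEMU's code or the upstream patch: a simplified C model in which a guest-supplied element count is validated against the capacity of a fixed-size stack array before the array is filled. It assumes the overrun comes from a count larger than the array; the struct layouts, `MODEL_MAX_SGE`, the sample data and the function names are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAX_SGE 4  /* assumed capacity of the on-stack array */

/* Assumed layouts: an element as the guest describes it and as the host uses it. */
struct guest_sge { uint64_t addr; uint32_t length; uint32_t lkey; };
struct host_sge  { uint64_t addr; uint32_t length; uint32_t lkey; };

/* Constructed sample request: six elements, more than the array can hold. */
static const struct guest_sge sample_wr[6] = {
    {0x1000, 16, 1}, {0x2000, 32, 1}, {0x3000, 64, 1},
    {0x4000, 128, 1}, {0x5000, 256, 1}, {0x6000, 512, 1},
};

/* Unchecked form of the loop, for contrast:
 *     for (i = 0; i < num_sge; i++) dst[i] = ...;
 * With num_sge > MODEL_MAX_SGE it writes past the end of the caller's array.
 * The checked form takes the capacity explicitly and rejects, never truncates. */
static int build_sge_checked(struct host_sge *dst, size_t dst_cap,
                             const struct guest_sge *src, uint32_t num_sge)
{
    if (dst == NULL || src == NULL || num_sge == 0 || num_sge > dst_cap)
        return -1;
    for (uint32_t i = 0; i < num_sge; i++)
        dst[i] = (struct host_sge){ src[i].addr, src[i].length, src[i].lkey };
    return (int)num_sge;
}

/* Models a post path: total bytes described, or -1 if the request is rejected. */
long post_request_model(const struct guest_sge *src, uint32_t num_sge)
{
    struct host_sge sge[MODEL_MAX_SGE];  /* fixed-size stack buffer */
    long total = 0;
    int n = build_sge_checked(sge, MODEL_MAX_SGE, src, num_sge);
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        total += sge[i].length;
    return total;
}

int main(void)
{
    printf("4 elements: %ld\n", post_request_model(sample_wr, 4));
    printf("6 elements: %ld\n", post_request_model(sample_wr, 6));
    return 0;
}
```

Rejecting the oversized request, instead of clamping the count, keeps the host from silently posting a work request that differs from what the guest described.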
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1660373]