A null pointer dereference issue was found in the floppy disk controller (fdc) emulator of QEMU. It can be triggered during a data transfer through the fdctrl_read_data() and fdctrl_write_data() routines when the currently selected drive has a null block backend pointer (no drive attached). A guest may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.

Upstream patch:
---------------
-> https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
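The following is an added illustration, not QEMU's own code: a stripped-down model of the floppy controller's read/write data path that shows the unguarded dereference beside the guarded form. The struct layout, the names read_data_buggy/read_data_fixed/write_data_fixed, the use of a plain 512-byte buffer as a stand-in for the block backend, and the -1 "no drive connected" return value are all assumptions made for this example; the upstream fix is the patch linked above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512

/* Stand-in for a QEMU BlockBackend (assumption: real backends are opaque
 * objects accessed through blk_pread()/blk_pwrite(), not a raw buffer). */
typedef struct {
    uint8_t sector[SECTOR_SIZE];
} BlockBackend;

/* One emulated floppy drive. blk is NULL when no drive is attached. */
typedef struct {
    BlockBackend *blk;
    size_t pos;              /* byte offset within the current sector */
} FDrive;

/* Controller state: two drives, a guest-selectable current drive index. */
typedef struct {
    FDrive drives[2];
    int cur_drv;
} FDCtrl;

/* Buggy pattern: the block pointer is dereferenced unconditionally, so a
 * guest that selects an unattached drive and starts a transfer makes the
 * host process fault. Only ever call this with an attached drive. */
static int read_data_buggy(FDCtrl *fdctrl, uint8_t *out)
{
    FDrive *cur_drv = &fdctrl->drives[fdctrl->cur_drv];
    *out = cur_drv->blk->sector[cur_drv->pos++ % SECTOR_SIZE];
    return 0;
}

/* Fixed pattern: refuse the transfer when no drive is connected.
 * Returns 0 on success, -1 if the selected drive has no block backend. */
static int read_data_fixed(FDCtrl *fdctrl, uint8_t *out)
{
    FDrive *cur_drv = &fdctrl->drives[fdctrl->cur_drv];
    if (!cur_drv->blk) {
        return -1;           /* no drive connected: nothing to read */
    }
    *out = cur_drv->blk->sector[cur_drv->pos++ % SECTOR_SIZE];
    return 0;
}

/* Same guard on the write path. */
static int write_data_fixed(FDCtrl *fdctrl, uint8_t value)
{
    FDrive *cur_drv = &fdctrl->drives[fdctrl->cur_drv];
    if (!cur_drv->blk) {
        return -1;           /* no drive connected: drop the byte */
    }
    cur_drv->blk->sector[cur_drv->pos++ % SECTOR_SIZE] = value;
    return 0;
}

/* Build a controller with a media-backed drive 0 and an empty drive 1,
 * using a constructed sector pattern (example data, not from QEMU). */
static void setup_controller(FDCtrl *fdctrl, BlockBackend *media)
{
    memset(fdctrl, 0, sizeof(*fdctrl));
    for (size_t i = 0; i < SECTOR_SIZE; i++) {
        media->sector[i] = (uint8_t)(i & 0xff);
    }
    fdctrl->drives[0].blk = media;   /* attached */
    fdctrl->drives[1].blk = NULL;    /* unattached */
}

int main(void)
{
    FDCtrl fdctrl;
    BlockBackend media;
    uint8_t b = 0;

    setup_controller(&fdctrl, &media);

    fdctrl.cur_drv = 0;
    read_data_fixed(&fdctrl, &b);
    printf("drive 0 byte: 0x%02x\n", b);

    fdctrl.cur_drv = 1;
    printf("drive 1 read: %d (guarded)\n", read_data_fixed(&fdctrl, &b));
    printf("drive 1 write: %d (guarded)\n", write_data_fixed(&fdctrl, 0x41));
    return 0;
}
```

The point of the guard is that the drive selection is guest-controlled while the presence of a block backend is host-controlled; any transfer routine reached from the guest's command FIFO must check the backend before touching it rather than assuming the configuration always attached media.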
Acknowledgments:

Name: Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Wörner (Ruhr-University Bochum)
External References:
https://www.openwall.com/lists/oss-security/2020/09/29/1
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1881402]

Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1881403]