A null pointer dereference issue was found in the IDE disk emulator of QEMU. It could occur while cancelling an i/o operation via ide_cancel_dma_sync() routine, if a block drive pointer is null. A guest may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
Acknowledgments: Name: Sergej Schumilo (Ruhr-University Bochum), Cornelius Aschermann (Ruhr-University Bochum), Simon Wrner (Ruhr-University Bochum)
External References: https://www.openwall.com/lists/oss-security/2020/09/29/1 https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1883453] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1883454]
Statement: In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP qemu-kvm-rhev package.