Red Hat Bugzilla – Bug 414741
CVE-2007-6227 Non-privileged user can cause the virtual CPU to crash
Last modified: 2007-12-09 14:46:16 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6227 to the following vulnerability:
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
An unprivileged user can issue the code that crashes the virtual machine. The
problem is in the CPU emulation code and thus doesn't affect Xen and KVM as they
only use peripheral device emulation.
Not vulnerable. Xen and KVM, as shipped with Red Hat Enterprise Linux 5, are not
vulnerable to this issue, as they normally use only peripheral device emulation
of QEMU. In case KVM is attempted to be used and not supported by hardware, QEMU
CPU emulation code that is vulnerable to this issue is used, which allows an
unprivileged user to cause a virtual machine crash. Red Hat does not consider
this a security issue as using KVM without hardware support for production
purposes is strongly discouraged.
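
A host-side check for the condition the statement describes, as an added example that is not part of the original bug report or Red Hat's tooling: it reports whether a Linux host can offer hardware-assisted KVM or would leave guests on QEMU's CPU emulation. The function name `virt_mode` and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a host as hardware-assisted or emulation-only.
# Arguments (both optional, defaulting to the live system):
#   $1  path to a cpuinfo file   (default /proc/cpuinfo)
#   $2  path to the KVM device   (default /dev/kvm)
# Prints one of (labels are this example's own):
#   hw-kvm            CPU advertises VT-x/AMD-V and the KVM device node exists
#   hw-no-kvm-device  CPU advertises the extension but KVM cannot be used yet
#   emulation-only    no extension advertised; guests get QEMU CPU emulation

virt_mode() {
    cpuinfo=${1:-/proc/cpuinfo}
    kvmdev=${2:-/dev/kvm}

    # vmx = Intel VT-x, svm = AMD-V. Only the "flags" lines are inspected and
    # -w requires a whole-word match, so a flag such as svm_lock does not count.
    if grep -E '^flags[[:space:]]*:' "$cpuinfo" 2>/dev/null \
        | grep -Eqw 'vmx|svm'; then
        if [ -e "$kvmdev" ]; then
            echo hw-kvm
        else
            echo hw-no-kvm-device
        fi
    else
        echo emulation-only
    fi
}

# Report on the current host when run directly.
virt_mode "$@"
```

Any result other than `hw-kvm` means guests on that host would depend on the CPU emulation code the statement calls vulnerable.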
What about the standalone QEMU in Fedora?
Ville, standalone QEMU is affected. However, due to the nature of the problem it
is not considered a security issue and is not to be handled differently than any