Bug 414741 (CVE-2007-6227) - CVE-2007-6227 Non-privileged user can cause the virtual CPU to crash
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2007-6227
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On:
Blocks:
Reported: 2007-12-06 20:02 UTC by Lubomir Kundrak
Modified: 2007-12-09 19:46 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-12-06 20:26:12 UTC
Embargoed:



Description Lubomir Kundrak 2007-12-06 20:02:27 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6227 to the following vulnerability:

QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.

References:

http://www.securityfocus.com/archive/1/archive/1/484429/100/0/threaded
http://www.securityfocus.com/bid/26666

Comment 1 Lubomir Kundrak 2007-12-06 20:19:27 UTC
An unprivileged user can issue the code that crashes the virtual machine. The
problem is in the CPU emulation code and thus doesn't affect Xen and KVM as they
only use peripheral device emulation.

Comment 2 Lubomir Kundrak 2007-12-06 20:26:12 UTC
Not vulnerable. Xen and KVM, as shipped with Red Hat Enterprise Linux 5, are not
vulnerable to this issue, as they normally use only peripheral device emulation
of QEMU. In case KVM is attempted to be used and not supported by hardware, QEMU
CPU emulation code that is vulnerable to this issue is used, which allows an
unprivileged user to cause a virtual machine crash. Red Hat does not consider
this a security issue, as using KVM without hardware support for production
purposes is strongly discouraged.
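
A host-side check for the condition Comment 2 describes, added here as an example (it is not part of the bug report or of any Red Hat tooling): it reports whether guests on a host would run on hardware virtualization or on QEMU's own CPU emulation. The function names are hypothetical, and treating "a vmx or svm CPU flag plus an existing /dev/kvm" as proof of hardware support is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: classify a host by the CPU execution path its guests
# would use. "emulated" means QEMU's CPU emulation code, the path the
# comments above describe as affected.

# has_hw_virt CPUINFO_FILE
# Succeeds if a "flags" line lists vmx (Intel VT-x) or svm (AMD-V) as a
# whole token. Token matching avoids false hits on longer flag names and
# on the separate "vmx flags" line that newer kernels print.
has_hw_virt() {
    awk -F: '
        /^flags[ \t]*:/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "vmx" || f[i] == "svm") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# cpu_exec_path CPUINFO_FILE KVM_DEVICE
# Prints "hardware" only when the CPU advertises virtualization support
# AND the KVM device node exists (assumption: the node is present only
# when the KVM module loaded successfully); otherwise prints "emulated".
cpu_exec_path() {
    if has_hw_virt "$1" && [ -e "$2" ]; then
        echo hardware
    else
        echo emulated
    fi
}

# Check the live host when called as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    cpu_exec_path /proc/cpuinfo /dev/kvm
fi
```

The two arguments are file paths so the functions can be pointed at saved copies of `/proc/cpuinfo` from other hosts as well as at the live system.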

Comment 3 Ville Skyttä 2007-12-09 19:37:42 UTC
What about the standalone QEMU in Fedora?

Comment 4 Lubomir Kundrak 2007-12-09 19:46:16 UTC
Ville, standalone QEMU is affected. However, due to the nature of the problem, it
is not considered a security issue and is not to be handled differently than any
other bug.

