Red Hat Bugzilla – Bug 414741
CVE-2007-6227 Non-privileged user can cause the virtual CPU to crash
Last modified: 2007-12-09 14:46:16 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6227 to the following vulnerability: QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com. References: http://www.securityfocus.com/archive/1/archive/1/484429/100/0/threaded http://www.securityfocus.com/bid/26666
An unprivileged user can issue the code that crashes the virtual machine. The problem is in the CPU emulation code and thus doesn't affect Xen and KVM as they only use peripheral device emulation.
Not vulnerable. Xen and KVM, as shipped with Red Hat Enterprise Linux 5 are not vulnerable to this issue, as they normally use only peripheral device emulation of QEMU. In case KVM is attempted to be used and not supported by hardware, QEMU CPU emulation code that is vulnerable to this issue is used, whis allow and unprivileged user to cause a virtual machine crash. Red Hat does not consider this a security issue as using KVM without hardware support for production purposes is strongly discouraged.
What about the standalone QEMU in Fedora?
Ville standalone QEMU is affected. However due to the nature of the problem it is not considered a security issue and is not to be handled differently than any other bug.