Red Hat Bugzilla – Bug 444583
CVE-2008-2004 qemu/kvm/xen: qemu block format auto-detection vulnerability
Last modified: 2009-09-11 05:03:51 EDT
Description of problem:
Chris Wright has reported the following kvm qemu block format issue:
It is possible for a guest with a raw formatted disk image to write a
header to that disk image describing another format (such as qcow2).
Stopping and subsequent restart of the guest will cause qemu to detect
that format, and could allow the guest to read any host file if qemu is
sufficiently privileged (typical in virt environments).
The patch defaults to existing behaviour (probing based on file contents),
so it still requires the mgmt app (e.g. libvirt xml) to pass a new
"format=raw" parameter for raw disk images.
Created attachment 304107 [details]
Proposed patch for kvm from Chris Wright
Created attachment 304108 [details]
Proposed patch for qemu from Chris Wright and Aurelien Jarno
Committed in upstream SVN:
Proposed patch adds additional parameter -- format=XXX -- to -drive command line
option used by qemu(-kvm), but format auto-detection is still the default. So
by itself, the patch does not resolve the issue.
Users will have to specify parameter 'format=raw' explicitly if they are running
qemu(-kvm) directly and they use disks with raw format. Adding support for this
new option to libvirt should probably be considered.
This was fixed in all of the relevant streams, so closing out this tracker but as CURRENTRELEASE.