The Qemu block driver for Hyper-V VHDX images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for the block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance, resulting in DoS.

Upstream fix:
-------------
vhdx: Bounds checking for block_size and logical_sector_size
-> http://git.qemu.org/?p=qemu.git;a=commit;h=1d7678dec4761acdc43439da6ceda41a703ba1a6
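The kind of check the description refers to, as an added example (not QEMU's code and not the upstream patch): validate the two image-supplied fields before deriving anything from them. The function and struct names are hypothetical, and the limits and the chunk-ratio formula are taken from the VHDX format specification as an assumption; they are not quoted in this bug.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Limits taken from the VHDX format specification (assumption: not quoted on this page). */
#define VHDX_BLOCK_SIZE_MIN        (1u << 20)   /* 1 MiB */
#define VHDX_BLOCK_SIZE_MAX        (256u << 20) /* 256 MiB */
#define VHDX_MAX_SECTORS_PER_BLOCK (1u << 23)

/* Hypothetical holder for the values derived from the two header fields. */
struct vhdx_geometry {
    uint32_t sectors_per_block;
    uint32_t chunk_ratio;
};

static int is_power_of_two(uint32_t v)
{
    return v != 0 && (v & (v - 1)) == 0;
}

/* Validate the image-supplied fields before deriving anything from them.
 * Returns 0 and fills *geo on success, -EINVAL on an out-of-range field. */
int vhdx_check_geometry(uint32_t block_size, uint32_t logical_sector_size,
                        struct vhdx_geometry *geo)
{
    if (logical_sector_size != 512 && logical_sector_size != 4096) {
        return -EINVAL;   /* also rejects 0, which would divide by zero below */
    }
    if (block_size < VHDX_BLOCK_SIZE_MIN || block_size > VHDX_BLOCK_SIZE_MAX ||
        !is_power_of_two(block_size)) {
        return -EINVAL;   /* 0 or tiny sizes would give sectors_per_block == 0 */
    }
    geo->sectors_per_block = block_size / logical_sector_size;
    geo->chunk_ratio = (uint32_t)(((uint64_t)VHDX_MAX_SECTORS_PER_BLOCK *
                                   logical_sector_size) / block_size);
    return 0;
}

int main(void)
{
    /* Constructed sample header values: {block_size, logical_sector_size}. */
    const uint32_t samples[][2] = { {32u << 20, 512}, {0, 512}, {1u << 20, 0}, {3u << 20, 4096} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct vhdx_geometry g = {0, 0};
        int rc = vhdx_check_geometry(samples[i][0], samples[i][1], &g);
        printf("block_size=%u sector=%u -> rc=%d spb=%u chunk_ratio=%u\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1], rc,
               (unsigned)g.sectors_per_block, (unsigned)g.chunk_ratio);
    }
    return 0;
}
```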
Statement: This issue does not affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of qemu-kvm package as shipped with Red Hat Enterprise Linux 6.
Acknowledgement: This issue was discovered by Jeff Cody of Red Hat Inc.
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1086712]
This issue has been addressed in the following products: RHEV-H and Agents for RHEL-6 Via RHSA-2014:0421 https://rhn.redhat.com/errata/RHSA-2014-0421.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0420 https://rhn.redhat.com/errata/RHSA-2014-0420.html
This issue has been addressed in the following products: OpenStack 3 for RHEL 6 Via RHSA-2014:0435 https://rhn.redhat.com/errata/RHSA-2014-0435.html
This issue has been addressed in the following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0434 https://rhn.redhat.com/errata/RHSA-2014-0434.html
qemu-1.6.2-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: RHEV-H and Agents for RHEL-6 Via RHSA-2014:0674 https://rhn.redhat.com/errata/RHSA-2014-0674.html