1204919 – (CVE-2014-9718) CVE-2014-9718 Qemu: PRDT overflow from guest to host

Bug 1204919 (CVE-2014-9718) - CVE-2014-9718 Qemu: PRDT overflow from guest to host

Summary: CVE-2014-9718 Qemu: PRDT overflow from guest to host

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-9718
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1205321 (view as bug list)
Depends On:	1205100 1205103 1205322 1216968
Blocks:	1169000
TreeView+	depends on / blocked

Reported:	2015-03-23 18:36 UTC by Prasad Pandit
Modified:	2021-10-21 00:44 UTC (History)
CC List:	28 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system.
Clone Of:
Environment:
Last Closed:	2021-10-21 00:44:17 UTC
Embargoed:

Attachments	(Terms of Use)

Description Prasad Pandit 2015-03-23 18:36:31 UTC

Upstream Qemu is vulnerable to sending malicious PRDT data to the host's
IDE and/or AHCI controller emulation. This could result in infinite loop or memory leakage on the host leading to unbounded resource consumption on the host.

A privileged user inside guest could use this flaw to crash the system,
resulting in DoS.

Upstream fix:
-------------
  -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8

Comment 1 Prasad Pandit 2015-03-24 08:49:45 UTC

Statement:

This issue did not affect the versions of the kvm package as shipped with Red Hat Enterprise Linux 5 and the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6.

This issue affects the version of the qemu-kvm package as shipped with Red Hat Enterprise Linux 7, a future update may address this flaw.

Comment 3 Prasad Pandit 2015-03-24 08:54:38 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1205103]

Comment 4 Vasyl Kaigorodov 2015-03-24 17:08:11 UTC

*** Bug 1205321 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

abaron
amit.shah
apevec
areis
berrange
carnil
cfergeau
chrisw
dallan
dwmw2
ehabkost
gkotton
itamar
knoel
lhh
lpeer
markmc
mkenneth
mrezanin
mtosatti
pbonzini
rbryant
rjones
sclewis
scottt.tw
srevivo
virt-maint
virt-maint