1374702 – (CVE-2016-7170) CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command

Bug 1374702 (CVE-2016-7170) - CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command

Summary: CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga ...

Keywords:
Status:	CLOSED UPSTREAM
Alias:	CVE-2016-7170
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1329193 (view as bug list)
Depends On:	1374709 1398112 1398113 1398114 1398115 1398117 1398118 1398119 1398120 1398121 1398122 1398123 1398124
Blocks:	1329196 1348571 1370384
TreeView+	depends on / blocked

Reported:	2016-09-09 13:01 UTC by Prasad Pandit
Modified:	2021-02-17 03:21 UTC (History)
CC List:	40 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	Quick Emulator (QEMU) built with the VMware-SVGA chipset emulation support is vulnerable to an OOB stack memory write issue. It could occur while processing VGA commands in 'vmsvga_fifo_run' routine. A privileged user inside guest could use this flaw to crash the QEMU process resulting in DoS.
Clone Of:
Environment:
Last Closed:	2016-12-09 09:00:57 UTC
Embargoed:

Attachments	(Terms of Use)

Description Prasad Pandit 2016-09-09 13:01:55 UTC

Quick Emulator(Qemu) built with the VMware-SVGA "chipset" emulation support
is vulnerable to an OOB stack memory write issue. It could occur while
processing VGA commands in 'vmsvga_fifo_run' routine.

A privileged user inside guest could use this flaw to crash the Qemu process
resulting in DoS.

Upstream fix:
-------------
  -> git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/09/09/7

Comment 1 Prasad Pandit 2016-09-09 13:02:31 UTC

Acknowledgments:

Name: Qinghao Tang, Li Qiang (360.cn Inc.)

Comment 2 Prasad Pandit 2016-09-09 13:04:16 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1374709]

Comment 12 Prasad Pandit 2017-01-12 18:18:43 UTC

*** Bug 1329193 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

ailan
amaris
amit.shah
aortega
apevec
areis
armbru
ayoung
berrange
cfergeau
chrisw
cvsbot-xmlrpc
drjones
dwmw2
imammedo
itamar
jen
jschluet
kbasil
knoel
lhh
lpeer
markmc
m.a.young
mkenneth
mrezanin
mst
pbonzini
ppandit
rbalakri
rbryant
rjones
rkrcmar
sclewis
srevivo
tdecacqu
virt-maint
virt-maint
vkuznets
xen-maint