Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an integer overflow issue. It could occur by accessing xattributes values. A privileged user inside guest could use this flaw to crash the Qemu process instance resulting in DoS. Upstream patches: ----------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html Reference: ---------- -> http://wiki.qemu.org/Documentation/9psetup
Acknowledgments: Name: Li Qiang (360.cn Inc.)
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1389689]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1389687]
CVE assignment: http://seclists.org/oss-sec/2016/q4/280
commit dd28fbbc2edc0822965d402d927ce646326d6954 Author: Li Qiang <liqiang6-s> Date: Tue Nov 1 12:00:40 2016 +0100 9pfs: add xattrwalk_fid field in V9fsXattr struct commit 8495f9ad26d398f01e208a53f1a5152483a16084 Author: Li Qiang <liqiang6-s> Date: Tue Nov 1 12:00:40 2016 +0100 9pfs: convert 'len/copied_len' field in V9fsXattr to the type of uint64_t commit 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Author: Li Qiang <liqiang6-s> Date: Tue Nov 1 12:00:40 2016 +0100 9pfs: fix integer overflow issue in xattr read/write