Bug 1536377 (CVE-2017-18043) - CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS
Summary: CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-18043
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1536379 1536380 1536381
Blocks: 1491569
TreeView+ depends on / blocked
 
Reported: 2018-01-19 09:50 UTC by Prasad J Pandit
Modified: 2019-09-29 14:30 UTC (History)
38 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:37:34 UTC


Attachments (Terms of Use)

Description Prasad J Pandit 2018-01-19 09:50:34 UTC
Quick Emulator(Qemu) built with a macro ROUND_UP(n, d),
used to promote number 'n' to the nearest multiple of 'd',
is vulnerable to an integer overflow issue. It could occur
if 'd' is unsigned and differs in type from 'n'.

A user/process could use this flaw to crash the Qemu process
resulting in DoS.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2018/01/19/1

Comment 1 Prasad J Pandit 2018-01-19 09:51:04 UTC
Acknowledgments:

Name: Eric Blake (Red Hat Inc.)

Comment 2 Prasad J Pandit 2018-01-19 09:56:19 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1536380]


Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1536379]


Note You need to log in before you can comment on or make changes to this bug.