Quick Emulator (Qemu) built with the Network Block Device (NBD) client support is vulnerable to a stack buffer overflow issue. It could occur while processing the server's response to a 'NBD_OPT_LIST' request.

A malicious NBD server could use this issue to crash a remote NBD client, resulting in DoS, or potentially execute arbitrary code on the client host with the privileges of the Qemu process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/02/15/2

Latest upstream patch - hoping it will be merged for the release candidates
https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg01455.html

Will be in qemu 2.9:

commit 2563c9c6b8670400c48e562034b321a7cf3d9a85
Author: Vladimir Sementsov-Ogievskiy <vsementsov>
Date:   Tue Mar 7 09:16:27 2017 -0600

    nbd/client: fix drop_sync [CVE-2017-2630]

    Comparison symbol is misused. It may lead to memory corruption.
    Introduced in commit 7d3123e.

    Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov>
    Message-Id: <20170203154757.36140-6-vsementsov>
    [eblake: add CVE details, update conditional]
    Signed-off-by: Eric Blake <eblake>
    Reviewed-by: Marc-André Lureau <marcandre.lureau>
    Message-Id: <20170307151627.27212-1-eblake>
    Signed-off-by: Paolo Bonzini <pbonzini>
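
The commit above describes the defect only as a misused comparison symbol in drop_sync. The following C example is added here for illustration and is not QEMU's code: it shows how an inverted size test, when choosing between a stack buffer and a heap buffer, selects the stack buffer exactly when the data does not fit. The names drop_bytes and checked_read and the 1024/65536 sizes are assumptions, and the read is bounds-checked so the overrun is reported rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SMALL_BUF ((size_t)1024)   /* assumed size of the on-stack buffer */
#define MAX_CHUNK ((size_t)65536)  /* assumed largest single read */
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Stand-in for a socket read. It refuses (returns -1) instead of writing
 * past `cap`; an unchecked read at this point is the memory corruption. */
static long checked_read(char *dst, size_t cap, size_t want)
{
    if (want > cap)
        return -1;
    memset(dst, 0, want);    /* constructed payload: zero bytes */
    return (long)want;
}

/* Discard `size` bytes of a server reply. `inverted` selects the misused
 * comparison. Returns 0 on success, -1 if a read would overrun the buffer. */
static int drop_bytes(size_t size, int inverted)
{
    char small[SMALL_BUF];
    int use_stack, ret = 0;
    size_t cap;
    char *buf;
    if (size == 0)
        return 0;
    use_stack = inverted ? (sizeof(small) < size)    /* wrong way round */
                         : (sizeof(small) >= size);  /* corrected */
    cap = use_stack ? sizeof(small) : MIN(MAX_CHUNK, size);
    buf = use_stack ? small : (char *)malloc(cap);
    if (!buf)
        return -1;
    while (size > 0) {
        long n = checked_read(buf, cap, MIN(MAX_CHUNK, size));
        if (n < 0) { ret = -1; break; }
        size -= (size_t)n;
    }
    if (buf != small)
        free(buf);
    return ret;
}

int main(void)
{
    printf("inverted:  %d %d\n", drop_bytes(100, 1), drop_bytes(4096, 1));
    printf("corrected: %d %d\n", drop_bytes(100, 0), drop_bytes(4096, 0));
    return 0;
}
```

With the inverted test, replies of up to 1024 bytes still work (they take the heap path), so the defect only shows once the peer sends a longer reply.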

This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392