An integer overflow issue was found in the QEMU Guest Agent in QEMU, while reading argument list passed to the 'guest-exec' qmp command. An attacker could exploit this by sending a crafted QMP command to the agent via a listening socket to trigger the overflow. It may crash the QEMU guest agent, resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/05/22/4
Acknowledgments: Name: Guoxiang Niu (huawei.com)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1712836]
This one turned out to be a non-issue. The number of command-line arguments is capped by the QMP JSON parser to MAX_TOKEN_COUNT (2ULL << 20).
  -> https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html
It helps to avoid the said integer overflow issue. Closing this as notabug.
Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.