An out-of-bounds read access issue was found in the SD Memory Card emulator of the QEMU. It occurs while performing block write commands via sdhci_write(), if a guest user has sent 'address' which is OOB of 's->wp_groups'. A guest user/process may use this flaw to crash the QEMU process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1838547] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1838548]
Acknowledgments: Name: Alexander Bulekov
External References: https://bugs.launchpad.net/qemu/+bug/1880822 https://www.openwall.com/lists/oss-security/2020/05/27/2