An OOB access issue was found in the ES1370 audio device emulator of the QEMU. The issue occurs in 'audio_pcm_sw_read', while reading audio byte stream from a channel, if the channel frame count is set to a malicious value. A guest user/process may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html Reference: ---------- -> https://www.openwall.com/lists/oss-security/2020/05/28/1
Acknowledgments: Name: Ren Ding (SSLab Georgia Tech), Hanqing Zhao (SSLab Georgia Tech)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1840985] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1840986]