Bug 2238291 (CVE-2023-42467) - CVE-2023-42467 QEMU: am53c974: denial of service due to division by zero
Summary: CVE-2023-42467 QEMU: am53c974: denial of service due to division by zero
Keywords:
Status: NEW
Alias: CVE-2023-42467
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2238573 2238578
Blocks: 2238294
TreeView+ depends on / blocked
 
Reported: 2023-09-11 09:15 UTC by ybuenos
Modified: 2024-04-30 09:35 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A denial of service vulnerability was found in the qemu package. A division by zero in the scsi_disk_reset function can cause QEMU and the guest to stop immediately.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2135 0 None None None 2024-04-30 09:35:45 UTC

Description ybuenos 2023-09-11 09:15:49 UTC 
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

https://gitlab.com/thuth/qemu/-/commit/3f91104484e5bf55b56d7e1b039a4a5a17d0c1a7
https://gitlab.com/qemu-project/qemu/-/issues/1813
Comment 2 Marian Rehak 2023-09-12 13:59:57 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2238573]
Comment 8 errata-xmlrpc 2024-04-30 09:35:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2135 https://access.redhat.com/errata/RHSA-2024:2135
Note You need to log in before you can comment on or make changes to this bug.