Bug 2238291 (CVE-2023-42467) - CVE-2023-42467 QEMU: am53c974: denial of service due to division by zero
Summary: CVE-2023-42467 QEMU: am53c974: denial of service due to division by zero
Keywords:
Status: NEW
Alias: CVE-2023-42467
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2238573 2238578
Blocks: 2238294
TreeView+ depends on / blocked
 
Reported: 2023-09-11 09:15 UTC by ybuenos
Modified: 2023-10-31 16:29 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A denial of service vulnerability was found in the qemu package. A division by zero in the scsi_disk_reset function can cause QEMU and the guest to stop immediately.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description ybuenos 2023-09-11 09:15:49 UTC
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

https://gitlab.com/thuth/qemu/-/commit/3f91104484e5bf55b56d7e1b039a4a5a17d0c1a7
https://gitlab.com/qemu-project/qemu/-/issues/1813

Comment 2 Marian Rehak 2023-09-12 13:59:57 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2238573]


Note You need to log in before you can comment on or make changes to this bug.