oss-sec mailing list archives
Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute
From: <cve-assign () mitre org>
Date: Sun, 30 Oct 2016 15:40:41 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to memory leakage issue. It could occur while creating extended attribute via 'Txattrcreate' message. A privileged user inside guest could use this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host. https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html https://bugzilla.redhat.com/show_bug.cgi?id=1389550 http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
The 'fs.xattr.value' field in V9fsFidState object doesn't consider the situation that this field has been allocated previously. Every time, it will be allocated directly.
Use CVE-2016-9102. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYFkttAAoJEHb/MwWLVhi2xs4QAJlln60/IgqnAibO5sPIrDV8 IpxLE3wpjyOipSnO9tAQNTy80dZFrKhNTh+MsZYI28ttFrJlL6Upx2Vfx6YknnN/ v7B+Obih4Z+V9O1q4j9mldmEIjIJ4pBylRjnB/jn4Kq+Mios5lPZjs9OJqry55KQ 1BOqC+WaZSs+FuyMU9fRp3/VTZIEKIXp4BHZ/qBx7pGwcUtGllqmuUmQAluiQDEA 8WAX1nuMld09naulyEjR4cdYhDb8nTLMYq2ZOc/epOomcVbChXGByrkMGK1K7RZO JfSLV9ptmR1w3g2PRSIOUQrMEnvkQrHbHgyy95cfnUBRG/gVbihIb5DW7dF6VEZ6 bzylN3jSBKoOd8mb6oIG1qlhGnQ01Rok8wIcE4RGIz55BcPK8K62tSdirasfQ0dG ZWG37889erHjd7SUJs4H6fxz+JfUXeZXZ5YeJCY1eKaTly4IvZy2P2k4LmE5NmvT fYcp+8QNV/ukSZ2Ws0496mmqe50/CGfX3he4QmdCAkTv6TikbTO9m19bEyxk8yKl 0OQvcVSYGnfXJ2WNC/6pPhPY1pTP/hamp2f7THdM9XrkwJANKzoAbCPYKlN46bSv rMkL0xHWWfxFVebTINJ77aYCNV6nA1xy+12aPitusmcbNFJVCb3MUHA1POEjamFL 1f6bLO4tTEun2gK4MLKm =YQ2j -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: 9pfs: memory leakage when creating extended attribute P J P (Oct 27)
- Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute cve-assign (Oct 30)