oss-sec mailing list archives
Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer
From: <cve-assign () mitre org>
Date: Thu, 8 Dec 2016 01:35:37 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. http://git.qemu.org/?p=qemu.git;a=commit;h=791f97758e223de3290592d169f8e6339c281714
it doesn't free the 'p->sgl'
Use CVE-2016-9911. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYSPv+AAoJEHb/MwWLVhi2zvsP/3xTTHAxpT0SXnVo/5KFX/lC ANh7j1y2R9GVOBkwczTqD0MFwNDEM1FVVzhE9XVu4TLaJ7PYgsQzPpT6K+nI+Vhs fWq7rHIgclE9X4MP94N/sMYyE4oZZ35uJm0qLnXxItiGoeFKTNkWHtw1SPSzRRIK UfJ+PaA14SSts9XJquaxNf/kEYpKFhtGfrU5rsQc1XxSxMHhlBRdwOFLbMqopFhN oes/HFAwqmXpdmqxvUmvBhvcH4HR5+8RB4W9wM5wU+EAirYTSA8g2LQQiiFna2B7 ES0ef9tZ/2PelYnExPj51Xl6xe5xbSML1z4MpxDX7GLyo/3oqM7/bLzFU7vnzsL1 tA0UM5ipwb0An6TQDX285nGToTQU2KYbVYghz81F9Sro+GkVFPov5rq0s8bH54m0 4GruXSeGGL7YKlOYPCq03p+stCXjUZS2d53qwPKMBBLmtomuGMK6LaUZnQQSn44V h7tphm8Hvapb86rBkixCA5xXBvwSGdX5QZy23Ppr2FBrfkGT4VEpWBdCEkn9Y3q2 UUs8MdH9XRTlmqdfLf5EJPI53eIhxFVdBQV9VPb+qzuLtDt6ei24p5EPUZACUte7 69cwfYegHyJnSXfL/FNuWDcdf2qsc0P1vh5Ka2QwUDVyRSl9Ef8qCt899aFRNsy5 xUILseRrS8HSXuXKTtrR =yc/x -----END PGP SIGNATURE-----
Current thread:
- CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer P J P (Dec 06)
- Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer cve-assign (Dec 07)