oss-sec mailing list archives
Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks
From: <cve-assign () mitre org>
Date: Thu, 8 Dec 2016 01:38:18 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to memory leakage issue. It could occur via its '9p-handle' or '9p-proxy' backend drivers as they do not free their respective allocated data objects. A privileged user inside guest could use this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host. https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
9pfs: adjust the order of resource cleanup in device unrealize http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42
Use CVE-2016-9913.
9pfs: add cleanup operation in FileOperations http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d
Use CVE-2016-9914.
9pfs: add cleanup operation for handle backend driver http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30
Use CVE-2016-9915.
9pfs: add cleanup operation for proxy backend driver http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68
Use CVE-2016-9916. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYSPwLAAoJEHb/MwWLVhi2DDYP/2J/BVlx1Mb5J7Xm+kF4f2mS FAI/6LOEmrlhzq89mOW1sHCcM6ocAFaeW7EDyv8+fo+Dy0c45a/fpAKNNtQNIpGz /8gmkXYsFpz52WJ+JAqkLHGSm859+zOUq61JIhJf0KWsuxvqi+OH214qXxkHSxG9 a/Qd2Q3giiPPVp+3geOlGG4+b9kbyA89utr3dMQ+pNa+66pm3Pu6vuu9SZNq2uMp fq6Oc2hRYfj+jVbMVbCfQyJfBXxBdgyX89U6ehpFyaEGmlrfd78WuAyYQ9qEaoDF ivyGJt+J4koqx2qwjFyMDR8lKZ9rCffXkCm3mavamNzG9FnV3qpCxI/4DloveAWn 3cqVFx+b5NcMOpPSiLVNTLchsPoRUsH3jJWGwqBlcShhB5GE7KQ3BJrRfFPyEVtq rAOHB42Z16I2y6z0xOxuu8Vafc2egNJegIYXfYZfF+2OOtxmGykjnb0IERgMeptZ aahBOwremjQPEyQB9yIFcrovfUVHtx3ofnfqWqW4BoV0AyN5wAQoK+8smq91ZaJn fqTtd5rtKBNld4jsbUaX0Udui6Gcy/FQNuT9dBAyuObOoreXEgSWx099h40W+R69 ZG63UhFFNlb9jtZ88azaA54IMdETf8FLaUwdk7K7lNUCsPLI1cbM+3XNQhYHRjmL XWqSVQ6M+yZo0z5gEnN7 =ezyO -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks P J P (Dec 06)
- Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks cve-assign (Dec 07)