oss-sec mailing list archives
Re: CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines
From: cve-assign () mitre org
Date: Mon, 10 Oct 2016 13:53:32 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the virtio-9p back-end support is vulnerable to a null pointer dereference issue. It could occur while doing an I/O vector unmarshalling operation in v9fs_iov_vunmarshal() routine. A privileged user/process inside guest could use this flaw to crash the Qemu process instance resulting in DoS. https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
Use CVE-2016-8578. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=fsdev/9p-iov-marshal.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX+9Q5AAoJEHb/MwWLVhi2mwMP/0jl7A1btTRICOrx2gAEjWOR +q8XeDpGWNXOKf1+XKpVPwrwLZ7jDuvuR3VfBgwOtpA7hMoLAcIX8G6m+FlLHwlX dJafKAaunKt0L4LFV0l8Qbe2vSITJHF8yY8ftfEkRjx+yozwh4waJYPsmU4M1Akr atzlUD24VsiW7UFfITEFC6N428ms2ReYL5P6o0uRgoXWVo8/3uBpaj7daH6BaCzb 1MBBcbV5Zn/qSDSM115WcN2rO3W3jBL2chUPAd/rJlr0JqiVFCVxodFvrW0Tl0Jp K5InpRCqpBrPZrWMRFDaZj8Saf+6IWI5Q0WI15DqJXQtnJMgndEksAIJWT7SboIL FVROFUlO7XkICK0riBgJVAV+ZII7u8IJ0dchxV555dErvsVneJllpQag9iisN9Hj PAXg2I+kbPAb1DWoXhUDbzg/HcNgvHUk+6GYZUHAMVbp6ENggCrHmEj9R5zxRatD vmpgv+OVhlRTCBsvDNDILSALk6TRWM5Ol6/iLHC+qBXbcRNi5kYdGAXZk5bvT1IW BnQeRLlotkFFmY3BWVvj9r4phLfjS4AHDIslI+oRYRroe4Dm+sSYky3N6+yZVMuH Cyh1g1X7sI7fiBA9lCJzMCYBsmnsE6Fk6tA+NqHmk3zU3lR8tSXtVpbNv15vL4XO AgAKlVBqomng0+P1MIeh =L1Fq -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines P J P (Oct 10)
- Re: CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines cve-assign (Oct 10)