[Secure-testing-team] Bug#808131: CVE-2015-7549: msi-x null-pointer dereference issue in qemu-system

Michael Tokarev mjt at tls.msk.ru
Wed Dec 16 11:01:16 UTC 2015


Source: qemu
Version: 1:2.1+dfsg-12+deb8u4
Severity: important
Tags: security patch upstream fixed-upstream

Qemu emulator built with the PCI MSI-X support is vulnerable to a null pointer 
dereference issue. It occurs when the controller attempts to write to the 
pending bit array (PBA) memory region, because the MSI-X MMIO support did not 
define the .write method.

A privileged user inside guest could use this flaw to crash the Qemu process, 
resulting in a DoS issue.

Upstream fix:
-------------
   -> http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b754285

CVE-2015-7549 has been assigned to this issue by Red Hat Inc.

This issue was reported by Qinghao Tang of QIHU 360 Marvel Team.

(from http://www.openwall.com/lists/oss-security/2015/12/14/2)
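
The failure mode described in this report, as an added C example that is not QEMU's code and not part of the original message: a read-only MMIO region whose callback table leaves the write handler unset, next to a table with a discard-only write handler and a dispatcher that checks the pointer before calling it. All type, function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified model of an MMIO region's callback table. */
typedef struct {
    uint64_t (*read)(void *opaque, uint64_t addr, unsigned size);
    void (*write)(void *opaque, uint64_t addr, uint64_t val, unsigned size);
} region_ops;

typedef struct {
    const region_ops *ops;
    void *opaque;
    uint64_t size;               /* region length in bytes */
} mmio_region;

enum { MMIO_OK = 0, MMIO_ERR_RANGE = -1, MMIO_ERR_NO_HANDLER = -2 };

/* Constructed device state: a 64-bit pending-bit array. */
typedef struct { uint64_t pending; } pba_state;

static uint64_t pba_read(void *opaque, uint64_t addr, unsigned size)
{
    (void)addr; (void)size;
    return ((pba_state *)opaque)->pending;
}

/* Read-only region: guest writes are accepted and discarded. */
static void pba_write_ignore(void *opaque, uint64_t addr, uint64_t val, unsigned size)
{
    (void)opaque; (void)addr; (void)val; (void)size;
}

/* 'Before' shape: only .read is set, so .write is implicitly NULL. */
static const region_ops pba_ops_missing_write = { .read = pba_read };
/* Hardened shape: every callback the dispatcher may reach is populated. */
static const region_ops pba_ops_hardened = { .read = pba_read, .write = pba_write_ignore };

/* A dispatcher that called mr->ops->write(...) unconditionally would jump
 * through NULL for the first table; this one reports the gap instead. */
int mmio_dispatch_write(const mmio_region *mr, uint64_t addr, uint64_t val, unsigned size)
{
    if (size == 0 || addr >= mr->size || size > mr->size - addr)
        return MMIO_ERR_RANGE;
    if (mr->ops == NULL || mr->ops->write == NULL)
        return MMIO_ERR_NO_HANDLER;
    mr->ops->write(mr->opaque, addr, val, size);
    return MMIO_OK;
}
```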


