Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30745
HistoryMay 15, 2014 - 12:00 a.m.

[oss-security] CVE request: Qemu: usb: fix up post load checks

2014-05-1500:00:00
vulners.com
15
JSON

Hello,

Correct post load checks:

  1. dev->setup_len == sizeof(dev->data_buf)
    seems fine, no need to fail migration
  2. When state is DATA, passing index > len
    will cause memcpy with negative length,
    resulting in heap overflow

An user able to alter the saved VM data(either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Upstream fix:

-> http://article.gmane.org/gmane.comp.emulators.qemu/272322

Thank you.

Prasad J Pandit / Red Hat Security Response Team

JSON