Bug 1471638 (CVE-2017-11334) - CVE-2017-11334 Qemu: exec: oob access during dma operation
Summary: CVE-2017-11334 Qemu: exec: oob access during dma operation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-11334
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1471639 1471640 1471641 1471642 1471643 1471644 1471645 1471646 1471647 1471648 1472185 1474625 1520683
Blocks:
Reported: 2017-07-17 07:18 UTC by Prasad Pandit
Modified: 2021-02-17 01:55 UTC

Fixed In Version:
Doc Text:
Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS.
Clone Of:
Environment:
Last Closed: 2019-06-08 03:16:39 UTC
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2017:3369 | 0 | normal | SHIPPED_LIVE | Moderate: qemu-kvm-rhev security and bug fix update | 2017-12-01 01:33:08 UTC
Red Hat Product Errata | RHSA-2017:3466 | 0 | normal | SHIPPED_LIVE | Moderate: qemu-kvm-rhev security and bug fix update | 2017-12-15 03:11:38 UTC
Red Hat Product Errata | RHSA-2017:3470 | 0 | normal | SHIPPED_LIVE | Moderate: qemu-kvm-rhev security and bug fix update | 2017-12-15 03:10:57 UTC
Red Hat Product Errata | RHSA-2017:3471 | 0 | normal | SHIPPED_LIVE | Moderate: qemu-kvm-rhev security and bug fix update | 2017-12-15 03:10:12 UTC
Red Hat Product Errata | RHSA-2017:3472 | 0 | normal | SHIPPED_LIVE | Moderate: qemu-kvm-rhev security update | 2017-12-15 03:13:26 UTC
Red Hat Product Errata | RHSA-2017:3473 | 0 | normal | SHIPPED_LIVE | Moderate: qemu-kvm-rhev security update | 2017-12-15 03:15:13 UTC
Red Hat Product Errata | RHSA-2017:3474 | 0 | normal | SHIPPED_LIVE | Moderate: qemu-kvm-rhev security and bug fix update | 2017-12-15 03:12:34 UTC

Description Prasad Pandit 2017-07-17 07:18:14 UTC
Qemu emulator built to use 'qemu_map_ram_ptr' to access guests' ram block area
is vulnerable to an OOB r/w access issue. It could occur during a DMA operation.

A privileged user inside a guest could use this flaw to crash the guest instance
resulting in DoS.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/07/17/4

Comment 1 Prasad Pandit 2017-07-17 07:18:47 UTC
Acknowledgments:

Name: Alex

Comment 2 Prasad Pandit 2017-07-17 07:20:29 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1471640]

Comment 3 Prasad Pandit 2017-07-17 07:20:48 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1471639]

Comment 12 errata-xmlrpc 2017-11-30 20:33:29 UTC
This issue has been addressed in the following products:

  RHEV 4.X RHEV-H and Agents for RHEL-7

Via RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3369

Comment 16 errata-xmlrpc 2017-12-14 22:14:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3471

Comment 17 errata-xmlrpc 2017-12-14 22:17:31 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3470

Comment 18 errata-xmlrpc 2017-12-14 22:19:35 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 11.0 (Ocata)

Via RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3466

Comment 19 errata-xmlrpc 2017-12-14 22:21:22 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2017:3474 https://access.redhat.com/errata/RHSA-2017:3474

Comment 20 errata-xmlrpc 2017-12-14 22:23:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3472

Comment 21 errata-xmlrpc 2017-12-14 22:25:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3473
