Описание
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qemu | fixed | 1:7.1+dfsg-1 | package | |
| qemu | fixed | 1:5.2+dfsg-11+deb11u3 | bullseye | package |
| qemu | no-dsa | stretch | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=1951118
https://gitlab.com/qemu-project/qemu/-/commit/defac5e2fbddf8423a354ff0454283a2115e1367 (v7.1.0-rc0)
https://gitlab.com/qemu-project/qemu/-/commit/46609b90d9e3a6304def11038a76b58ff43f77bc (v7.1.0-rc0)
EPSS
Связанные уязвимости
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
Уязвимость функции fdctrl_transfer_handler() компонента hw/block/fdc.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
EPSS