Описание
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system.
Отчет
This issue did not affect the versions of the kvm package as shipped with Red Hat Enterprise Linux 5 and the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6. This issue affects the version of the qemu-kvm package as shipped with Red Hat Enterprise Linux 7, a future update may address this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | qemu-kvm-rhev | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | qemu-kvm-rhev | Affected | ||
| Red Hat OpenStack Platform 4 | qemu-kvm-rhev | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.6 Medium
CVSS2
Связанные уязвимости
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
EPSS
4.6 Medium
CVSS2