Description
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.
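The sizing flaw described above, shown from the defensive side as an added C example (not QEMU's code and not part of this advisory). The padding constants `DT_SLACK` and `DT_FACTOR` and all function names are assumptions chosen for illustration; the point is to validate the size before doing signed arithmetic and to load with an explicit buffer capacity.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed padding policy, for illustration only (not stated on this page):
 * add slack for later edits to the tree, then double the buffer. */
#define DT_SLACK  10000
#define DT_FACTOR 2

/* 1 if (file_size + DT_SLACK) * DT_FACTOR does not fit in a signed int.
 * Evaluated in 64 bits so the check itself cannot overflow. */
int dt_size_would_overflow(int file_size)
{
    int64_t wide = ((int64_t)file_size + DT_SLACK) * DT_FACTOR;
    return wide > INT_MAX;
}

/* Hardened sizing: reject bad sizes before any int arithmetic.
 * Stores the padded size in *out and returns 0, or returns -1. */
int dt_padded_size(int file_size, int *out)
{
    if (file_size < 0)                                /* size lookup failed */
        return -1;
    if (file_size > INT_MAX / DT_FACTOR - DT_SLACK)   /* would overflow */
        return -1;
    *out = (file_size + DT_SLACK) * DT_FACTOR;
    return 0;
}

/* Bounded load: the caller passes the buffer capacity, so the copy can
 * never exceed it. Returns bytes read, or -1 if the stream holds more
 * than cap bytes or a read error occurs. */
long dt_load_bounded(FILE *f, unsigned char *buf, size_t cap)
{
    size_t n = fread(buf, 1, cap, f);
    if (ferror(f))
        return -1;
    if (n == cap && fgetc(f) != EOF)                  /* data left over */
        return -1;
    return (long)n;
}

int main(void)
{
    int padded = 0;
    printf("1 GiB rejected: %d\n", dt_padded_size(1 << 30, &padded) == -1);
    return 0;
}
```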
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kvm | Not affected | | |
Red Hat Enterprise Linux 5 | xen | Not affected | | |
Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | | |
Red Hat OpenStack Platform 8 (Liberty) | qemu-kvm-rhev | Affected | | |
Red Hat Enterprise Linux 7 | qemu-kvm-ma | Fixed | RHSA-2019:1881 | 29.07.2019 |
Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2019:1175 | 14.05.2019 |
Red Hat OpenStack Platform 10.0 (Newton) | qemu-kvm-rhev | Fixed | RHSA-2019:1723 | 10.07.2019 |
Red Hat OpenStack Platform 13.0 (Queens) | qemu-kvm-rhev | Fixed | RHSA-2019:1743 | 10.07.2019 |
Red Hat OpenStack Platform 14.0 (Rocky) | qemu-kvm-rhev | Fixed | RHSA-2019:1667 | 02.07.2019 |
Additional information
Status:
EPSS
7 High
CVSS3
Related vulnerabilities
Vulnerability in the load_device_tree function of the QEMU hardware emulator that allows an attacker to execute arbitrary code