Description
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
A flaw was found in QEMU. An out-of-bounds read/write access issue was found in the USB OHCI controller emulator. This issue occurs while servicing transfer descriptors (TD), as the OHCI controller derives the variables 'start_addr', 'end_addr', and 'len' from values supplied by the host controller driver. Because these values are supplied by the host controller driver, using these variables can lead to an out-of-bounds access. This flaw allows a guest user or process to crash the QEMU process on the host, resulting in a denial of service.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kvm | Not affected | ||
Red Hat Enterprise Linux 5 | xen | Not affected | ||
Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | ||
Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | ||
Red Hat Enterprise Linux 7 | qemu-kvm-ma | Will not fix | ||
Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Not affected | ||
Red Hat Enterprise Linux 8 | qemu-kvm | Not affected | ||
Red Hat Enterprise Linux 8 Advanced Virtualization | qemu-kvm | Not affected | ||
Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | ||
Additional information
Status:
5 Medium
CVSS3
Related vulnerabilities
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via ...
A vulnerability in the host controller driver of the QEMU hardware emulator, related to reading beyond the bounds of a data buffer, that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
5 Medium
CVSS3