FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation

Affected packages
qemu < 2.5.0
qemu-devel < 2.5.0
qemu-sbruno < 2.5.50.g20160213
qemu-user-static < 2.5.50.g20160213

Details

VuXML ID b3f9f8ef-b1bb-11e5-9728-002590263bf5
Discovery 2015-12-21
Entry 2016-01-03
Modified 2016-07-06

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRL_GET_INFO command. A privileged guest user could use this flaw to crash the Qemu process instance resulting in DoS.

References

CVE Name CVE-2015-8613
FreeBSD PR ports/205813
FreeBSD PR ports/205814
URL http://git.qemu.org/?p=qemu.git;a=commit;h=36fef36b91f7ec0435215860f1458b5342ce2811
URL http://www.openwall.com/lists/oss-security/2015/12/21/7
URL https://github.com/seanbruno/qemu-bsd-user/commit/36fef36b91f7ec0435215860f1458b5342ce2811
URL https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html