qemu -- stack buffer overflow while parsing SCSI commands

ID A267CD6C-B0C4-11E5-8D13-BC5FF45D0F28
Type freebsd
Reporter FreeBSD
Modified 2015-07-23T00:00:00


Prasad J Pandit, Red Hat Product Security Team, reports:

The Qemu emulator, built with SCSI device emulation support, is vulnerable to a stack buffer overflow issue. It could occur while parsing a SCSI command descriptor block with an invalid operation code. A privileged (CAP_SYS_RAWIO) user inside the guest could use this flaw to crash the Qemu instance, resulting in a DoS.
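The bug class described above, as an added illustration that is not QEMU's code: a CDB parser that derives the command length from the opcode's group (the top three bits of byte 0, per the SCSI Primary Commands standard: group 0 is 6 bytes, groups 1 and 2 are 10, group 4 is 16, group 5 is 12, and groups 3, 6 and 7 are reserved or vendor-specific). The "unchecked" parser trusts that length and copies into a fixed stack buffer; for a reserved group the length is -1, which memcpy receives as SIZE_MAX, so a guest that submits an opcode such as 0x7f or 0xc0 overruns the buffer. The "checked" parser rejects any length that is negative, larger than the buffer, or larger than what the guest actually supplied. The struct, function and constant names are this example's own assumptions, and the sample CDBs are constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest standard CDB (16 bytes); assumed buffer size for this example. */
#define CMD_BUF_SIZE 16

struct scsi_cmd {
    uint8_t buf[CMD_BUF_SIZE];   /* fixed-size copy of the CDB */
    int     len;                 /* CDB length in bytes */
};

/* CDB length from the opcode group (top 3 bits of byte 0) as defined by SPC.
 * Groups 3, 6 and 7 are reserved/vendor-specific; report them as -1. */
int cdb_length(uint8_t opcode)
{
    switch (opcode >> 5) {
    case 0:          return 6;
    case 1: case 2:  return 10;
    case 4:          return 16;
    case 5:          return 12;
    default:         return -1;
    }
}

/* Vulnerable pattern (illustration only, never called by main or the test):
 * the negative length from an unknown opcode is converted to size_t, so the
 * memcpy runs far past the 16-byte buffer and smashes the stack. */
int parse_cdb_unchecked(struct scsi_cmd *cmd, const uint8_t *cdb)
{
    cmd->len = cdb_length(cdb[0]);
    memcpy(cmd->buf, cdb, (size_t)cmd->len);
    return 0;
}

/* Hardened form: validate the derived length against the sign, the buffer,
 * and the number of bytes the caller actually supplied before copying. */
int parse_cdb_checked(struct scsi_cmd *cmd, const uint8_t *cdb, size_t avail)
{
    int len = cdb_length(cdb[0]);
    if (len < 0 || (size_t)len > sizeof cmd->buf || (size_t)len > avail)
        return -1;                       /* reject instead of overflowing */
    memcpy(cmd->buf, cdb, (size_t)len);
    cmd->len = len;
    return 0;
}

int main(void)
{
    struct scsi_cmd cmd;
    /* Constructed sample CDBs: a 6-byte INQUIRY and a reserved-group opcode. */
    const uint8_t inquiry[6]  = { 0x12, 0x00, 0x00, 0x00, 0x24, 0x00 };
    const uint8_t reserved[16] = { 0x7f };

    printf("INQUIRY: %s, len=%d\n",
           parse_cdb_checked(&cmd, inquiry, sizeof inquiry) == 0 ? "ok" : "rejected",
           cmd.len);
    printf("opcode 0x7f: %s\n",
           parse_cdb_checked(&cmd, reserved, sizeof reserved) == 0 ? "ok" : "rejected");
    return 0;
}
```

The check on `avail` matters as much as the sign check: a guest that submits a 6-byte CDB whose opcode claims a 16-byte group would otherwise make the emulator read past the bytes it was given.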