Source: qemu Version: 1:2.1+dfsg-12+deb8u4 Severity: important Tags: security patch upstream fixed-upstream
Qemu emulator built with the PCI MSI-X support is vulnerable to null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array(PBA) memory region. Because the MSI-X MMIO support did not define the .write method. A privileges used inside guest could use this flaw to crash the Qemu process resulting in DoS issue. Upstream fix: ------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b754285 CVE-2015-7549 has been assigned to this issue by Red Hat Inc. This issue was reported by Qinghao Tang of QIHU 360 Marvel Team. (from http://www.openwall.com/lists/oss-security/2015/12/14/2) _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
