FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability in MSI-X support

Affected packages
qemu < 2.5.0
qemu-devel < 2.5.0
qemu-sbruno < 2.5.50.g20151224
qemu-user-static < 2.5.50.g20151224

Details

VuXML ID 3fb06284-b1b7-11e5-9728-002590263bf5
Discovery 2015-06-26
Entry 2016-01-03

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the PCI MSI-X support is vulnerable to a null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array (PBA) memory region, because the MSI-X MMIO support did not define the .write method.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS issue.
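
The flaw class described in the report, a callback table with no write handler, can be shown with a small self-contained model. This is an added example, not QEMU's code and not part of the advisory; every type and function name in it is hypothetical, and the choice to discard writes in the corrected table is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an MMIO region whose accesses go through a callback
 * table. All names are hypothetical; this is not QEMU's code. */
typedef struct {
    uint64_t (*read)(void *opaque, uint64_t addr, unsigned size);
    void (*write)(void *opaque, uint64_t addr, uint64_t val, unsigned size);
} region_ops;

typedef struct { const region_ops *ops; void *opaque; } region;

static uint8_t pba_bits[8] = { 0x05 };   /* constructed pending-bit state */

static uint64_t pba_read(void *opaque, uint64_t addr, unsigned size) {
    const uint8_t *bits = opaque;
    (void)size;
    return addr < sizeof(pba_bits) ? bits[addr] : 0;
}

/* Assumption of this model: guest writes to the PBA are accepted and dropped. */
static void pba_write_ignored(void *opaque, uint64_t addr, uint64_t val, unsigned size) {
    (void)opaque; (void)addr; (void)val; (void)size;
}

/* Flawed table: .write is left out, so the pointer is NULL. */
static const region_ops pba_ops_flawed = { .read = pba_read };
/* Corrected table: every access type has a handler. */
static const region_ops pba_ops_fixed = { .read = pba_read, .write = pba_write_ignored };

/* Dispatcher with a defensive check. Without the NULL test, the call below
 * jumps through a NULL function pointer and the whole process dies.
 * Returns 0 when a handler ran, -1 when the region has no write handler. */
static int region_write(const region *r, uint64_t addr, uint64_t val, unsigned size) {
    if (r->ops == NULL || r->ops->write == NULL)
        return -1;
    r->ops->write(r->opaque, addr, val, size);
    return 0;
}

int main(void) {
    region flawed = { &pba_ops_flawed, pba_bits };
    region fixed  = { &pba_ops_fixed,  pba_bits };
    printf("flawed table: %d\n", region_write(&flawed, 0, 0xff, 1));
    printf("fixed table:  %d\n", region_write(&fixed, 0, 0xff, 1));
    printf("pending byte 0 still 0x%02x\n", (unsigned)pba_read(pba_bits, 0, 1));
    return 0;
}
```

Either measure alone stops the crash in this model: a complete callback table, or a dispatcher that refuses to call a missing handler.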

References

CVE Name CVE-2015-7549
URL http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b7542856ade23d1b
URL http://www.openwall.com/lists/oss-security/2015/12/14/2
URL https://github.com/seanbruno/qemu-bsd-user/commit/43b11a91dd861a946b231b89b7542856ade23d1b