qemu-2.12.1 crashes when running malicious bootloader.
Bug #1810956 reported by k4m1
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
QEMU | Fix Released | Undecided | Unassigned | |
Bug Description
Running a specific bootloader on QEMU causes a fatal error and
hence SIGABRT in /qemu-2.
Bootloader binary code is included in attachments.
The code was generated by assembling a valid bootloader, then
appending random bytes from the file `/dev/urandom` to the binary file.
This is a bug, obviously, but note that we do not guarantee TCG binary translation to be a security boundary against malicious code. Don't run guest code you don't trust inside TCG without further sandboxing around QEMU. (Much of the code that runs in a TCG configuration is old and unaudited, so there may be lurking bugs. Configurations using KVM are the only ones where we treat guest escapes as security bugs.)
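A triage harness for the procedure in the bug description, added here as an example and not part of the original report or its comments: it appends bytes to an assembled boot sector, boots the image under TCG, and labels how QEMU ended so an abort can be told apart from a hang or a clean exit. It swaps `/dev/urandom` for a seeded PRNG so a crashing image can be regenerated from its seed. The sample boot sector, the `qemu-system-i386` binary name, the function names and the image file name are assumptions.

```python
import random
import signal
import subprocess
import sys

SECTOR = 512
# Constructed stand-in for the assembled bootloader: cli; hlt; jmp back to hlt,
# zero-padded to 510 bytes and closed with the 0x55AA BIOS boot signature.
SAMPLE_BOOTLOADER = b"\xfa\xf4\xeb\xfd".ljust(SECTOR - 2, b"\x00") + b"\x55\xaa"


def build_image(bootloader: bytes, extra: int, seed: int) -> bytes:
    """Append `extra` seeded pseudo-random bytes to an assembled boot sector."""
    if len(bootloader) < SECTOR or bootloader[SECTOR - 2:SECTOR] != b"\x55\xaa":
        raise ValueError("first sector lacks the 0x55AA boot signature")
    rng = random.Random(seed)  # seeded so a crashing image can be regenerated
    return bootloader + bytes(rng.getrandbits(8) for _ in range(extra))


def classify(returncode: int, timed_out: bool) -> str:
    """Turn a QEMU exit status into a triage label."""
    if timed_out:
        return "timeout"  # QEMU stayed up until the harness stopped it
    if returncode < 0:  # subprocess reports death by signal N as -N
        try:
            return "killed by " + signal.Signals(-returncode).name
        except ValueError:
            return f"killed by signal {-returncode}"
    return "clean exit" if returncode == 0 else f"exit {returncode}"


def run_qemu(image_path: str, qemu: str = "qemu-system-i386", timeout: int = 10) -> str:
    """Boot the raw image headless under TCG and classify how QEMU ended."""
    cmd = [qemu, "-accel", "tcg", "-display", "none", "-no-reboot",
           "-drive", f"file={image_path},format=raw"]
    try:
        proc = subprocess.run(cmd, timeout=timeout, stdin=subprocess.DEVNULL)
        return classify(proc.returncode, False)
    except subprocess.TimeoutExpired:
        return classify(0, True)


if __name__ == "__main__":
    seed = int(sys.argv[1]) if len(sys.argv) > 1 else 0
    with open(f"boot-{seed}.img", "wb") as f:
        f.write(build_image(SAMPLE_BOOTLOADER, 4096, seed))
    print(seed, run_qemu(f"boot-{seed}.img"))
```

A `killed by SIGABRT` label corresponds to the failure reported here; recording the seed next to the label is what makes the input reproducible for whoever fixes it.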