qemu-2.12.1 crashes when running malicious bootloader.

Bug #1810956 reported by k4m1
Affects: QEMU | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

Running a specific bootloader on QEMU causes a fatal error and
hence a SIGABRT in /qemu-2.12.1/tcg/tcg.c on line 2684.

Bootloader binary code is included in attachments.
The code was generated by assembling a valid bootloader, then
appending random bytes from `/dev/urandom` to the binary file.

k4m1 (k4m1) wrote :

Peter Maydell (pmaydell) wrote :

This is a bug, obviously, but note that we do not guarantee TCG binary translation to be a security boundary against malicious code. Don't run guest code you don't trust inside TCG without further sandboxing around QEMU. (Much of the code that runs in a TCG configuration is old and unaudited, so there may be lurking bugs. Configurations using KVM are the only ones where we treat guest escapes as security bugs.)

Peter Maydell (pmaydell) wrote :

I think this bug was fixed in QEMU 3.1 -- I can reproduce the assert on 3.0 but not on 3.1.

Changed in qemu:
status: New → Fix Released