Vigil@nce - QEMU: denial of service via vmstate_xhci_event
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use vmstate_xhci_event of QEMU, in order to
trigger a denial of service.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 27/08/2014
DESCRIPTION OF THE VULNERABILITY
The xHCI (eXtensible Host Controller Interface) interface is used
by USB.
The QEMU hw/usb/hcd-xhci.c file defines the vmstate_xhci_event
list. However, this list is not ended. Its usage thus triggers an
access to an invalid memory area.
A local attacker can therefore use vmstate_xhci_event of QEMU, in
order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/QEMU-denial-of-service-via-vmstate-xhci-event-15232