Vigil@nce - QEMU: denial of service via PRNG
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in a guest system can trigger an error in the PRNG backend of
QEMU, in order to cause a denial of service of the QEMU process.
Impacted products: QEMU.
Severity: 1/4.
Creation date: 04/03/2016.
DESCRIPTION OF THE VULNERABILITY
The QEMU product implements a PRNG (Pseudo Random Number
Generator) backend in backends/rng.c and backends/rng-egd.c; this backend
serves the entropy requests that a guest issues through its virtual RNG device.
However, the rng_backend_request_entropy() and
rng_egd_request_entropy() functions mismanage the memory allocated
to hold the random data requested by the guest.
An attacker in a guest system can therefore trigger an error in
the PRNG backend of QEMU, in order to cause a denial of service.
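The bulletin does not detail how the allocation is mishandled, so the following is an added, illustrative example rather than QEMU's code: it shows the general failure class (a host-side backend that allocates per guest request with no bound on request size or on the number of outstanding requests) beside the check a practitioner would want. The type names, the two limits and the stand-in "entropy" fill are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limits for this example; real backends pick values that fit
 * the device's maximum transfer size and its queue depth. */
#define MAX_REQUEST_BYTES    (64 * 1024)
#define MAX_PENDING_REQUESTS 16

typedef struct EntropyRequest {
    uint8_t *data;               /* buffer the entropy source will fill */
    size_t size;                 /* bytes the guest asked for */
    struct EntropyRequest *next;
} EntropyRequest;

typedef struct {
    EntropyRequest *head, *tail; /* FIFO of requests not yet satisfied */
    size_t pending;              /* number of queued requests */
} EntropyBackend;

void backend_init(EntropyBackend *b)
{
    b->head = b->tail = NULL;
    b->pending = 0;
}

/* Unsafe pattern: both the buffer size and the queue length are
 * driven by the guest, so a guest can make the host allocate without
 * limit until the process is killed or fails internally. */
EntropyRequest *request_entropy_unbounded(EntropyBackend *b, size_t size)
{
    EntropyRequest *req = malloc(sizeof(*req));
    if (!req) return NULL;
    req->data = malloc(size);    /* size taken from the guest unchecked */
    if (!req->data) { free(req); return NULL; }
    req->size = size;
    req->next = NULL;
    if (b->tail) b->tail->next = req; else b->head = req;
    b->tail = req;
    b->pending++;
    return req;
}

/* Hardened pattern: refuse oversized requests and cap the queue, so a
 * hostile guest can only ever pin a bounded amount of host memory. */
EntropyRequest *request_entropy_bounded(EntropyBackend *b, size_t size)
{
    if (size == 0 || size > MAX_REQUEST_BYTES) return NULL;
    if (b->pending >= MAX_PENDING_REQUESTS) return NULL;
    return request_entropy_unbounded(b, size);
}

/* Satisfy the oldest request: fill it (with a constant stand-in for
 * real entropy, NOT random data) and release it. Returns bytes served,
 * or 0 when the queue is empty. */
size_t backend_complete_one(EntropyBackend *b)
{
    EntropyRequest *req = b->head;
    if (!req) return 0;
    memset(req->data, 0x42, req->size);   /* stand-in fill */
    size_t served = req->size;
    b->head = req->next;
    if (!b->head) b->tail = NULL;
    b->pending--;
    free(req->data);
    free(req);
    return served;
}

void backend_drain(EntropyBackend *b)
{
    while (backend_complete_one(b) != 0) { }
}

/* Scenario: a guest first asks for a sane amount, then an absurd
 * amount, then floods the queue. Returns 0 when every check holds,
 * otherwise the number of the failed step. */
int scenario_bounded_queue(void)
{
    EntropyBackend b;
    backend_init(&b);
    if (!request_entropy_bounded(&b, 64) || b.pending != 1)      return 1;
    if (request_entropy_bounded(&b, (size_t)1 << 30) != NULL)    return 2;
    for (size_t i = 1; i < MAX_PENDING_REQUESTS; i++)
        if (!request_entropy_bounded(&b, 32))                    return 3;
    if (request_entropy_bounded(&b, 32) != NULL)                 return 4;
    if (backend_complete_one(&b) != 64)                          return 5;
    if (!request_entropy_bounded(&b, 32))                        return 6;
    backend_drain(&b);
    return b.pending == 0 ? 0 : 7;
}

/* The same flood against the unbounded path: every request is accepted. */
size_t scenario_unbounded_accepts(size_t requests)
{
    EntropyBackend b;
    backend_init(&b);
    for (size_t i = 0; i < requests; i++)
        request_entropy_unbounded(&b, 32);
    size_t accepted = b.pending;
    backend_drain(&b);
    return accepted;
}
```

The size cap protects against a single oversized allocation; the pending-request cap is the one that is easy to forget, since each request on its own looks harmless and only the accumulation exhausts the host.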
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/QEMU-denial-of-service-via-PRNG-19103