Vigil@nce - Qemu: infinite loop of PRDT
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate an infinite loop with PRDT data in
Qemu, in order to trigger a denial of service.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 24/03/2015
DESCRIPTION OF THE VULNERABILITY
Disk devices can use a PRDT (Physical Region Descriptor Table).
However, the Qemu host does not check if its guests transmit valid
PRDT data.
A local attacker can therefore generate an infinite loop with PRDT
data in Qemu, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Qemu-infinite-loop-of-PRDT-16454