Vigil@nce - QEMU: memory corruption via Firmware Configuration
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local privileged attacker in a guest system can trigger memory
corruption in the Firmware Configuration (fw_cfg) implementation of
QEMU, in order to cause a denial of service, and possibly to run
code on the host system.
Impacted products: QEMU.
Severity: 1/4.
Creation date: 12/01/2016.
DESCRIPTION OF THE VULNERABILITY
QEMU implements support for Firmware Configuration (fw_cfg), the
interface through which a guest selects and reads or writes
configuration entries. However, the special value FW_CFG_INVALID is
mishandled in the hw/nvram/fw_cfg.c file, which leads to memory
corruption.
A local privileged attacker in a guest system can therefore trigger
memory corruption in the Firmware Configuration implementation of
QEMU, in order to cause a denial of service, and possibly to run
code on the host system.
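As an added illustration, not code from the bulletin or from QEMU, the following simplified C model shows the check a reviewer would expect in an fw_cfg-style selector/data handler: the FW_CFG_INVALID sentinel must be rejected before the selector is masked and used as a table index. All names, constant values and structure layouts here are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of an fw_cfg-style device (hypothetical names, not
 * QEMU's own code). The guest writes a 16-bit selector, then streams
 * bytes through a data port into the currently selected entry. */
#define FW_CFG_INVALID    0xffff  /* sentinel: nothing selected (value assumed) */
#define FWCFG_ENTRY_MASK  0x3fff  /* strips flag bits from the selector (assumed) */
#define FWCFG_MAX_ENTRY   0x30    /* size of the entry table (assumed) */

typedef struct { uint8_t buf[16]; size_t len; } FwEntry;
typedef struct {
    FwEntry  entries[FWCFG_MAX_ENTRY];
    uint16_t cur_entry;   /* last value written to the selector port */
    size_t   cur_offset;  /* position within the selected entry */
} FwState;

/* Selector-port write: record the value and rewind the data cursor. */
void fwcfg_select(FwState *s, uint16_t sel)
{
    s->cur_entry  = sel;
    s->cur_offset = 0;
}

/* Hardened lookup: refuse the sentinel BEFORE masking, then bounds-check
 * the masked index. Masking alone is not enough, because
 * FW_CFG_INVALID & FWCFG_ENTRY_MASK still yields an index (0x3fff) that
 * lies far beyond the table, so a later entries[idx] access would read
 * or write host memory outside the array. */
static FwEntry *fwcfg_current_entry(FwState *s)
{
    if (s->cur_entry == FW_CFG_INVALID)
        return NULL;
    uint16_t idx = s->cur_entry & FWCFG_ENTRY_MASK;
    if (idx >= FWCFG_MAX_ENTRY)
        return NULL;
    return &s->entries[idx];
}

/* Data-port write: true if the byte was stored, false if it was dropped. */
bool fwcfg_write_data(FwState *s, uint8_t value)
{
    FwEntry *e = fwcfg_current_entry(s);
    if (e == NULL || s->cur_offset >= e->len)
        return false;   /* nothing selected, bad index, or past the end */
    e->buf[s->cur_offset++] = value;
    return true;
}
```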
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/QEMU-memory-corruption-via-Firmware-Configuration-18683