FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability in IDE disk/CD/DVD-ROM emulation

Affected packages
qemu < 2.4.1
qemu-devel < 2.4.1
qemu-sbruno < 2.5.50.g20151224
qemu-user-static < 2.5.50.g20151224

Details

VuXML ID bbc97005-b14e-11e5-9728-002590263bf5
Discovery 2015-09-09
Entry 2016-01-02

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive.

A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS.

References

CVE Name CVE-2015-6855
URL http://git.qemu.org/?p=qemu.git;a=commit;h=63d761388d6fea994ca498c6e7a210851a99ad93
URL http://www.openwall.com/lists/oss-security/2015/09/10/1
URL https://github.com/seanbruno/qemu-bsd-user/commit/d9033e1d3aa666c5071580617a57bd853c5d794a