Bug 1117279 - VUL-1: CVE-2018-19489: xen: QEMU: 9pfs: crash due to race condition in renaming files
Summary: VUL-1: CVE-2018-19489: xen: QEMU: 9pfs: crash due to race condition in renami...
Status: RESOLVED INVALID
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Charles Arnold
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/219640/
Whiteboard: CVSSv3:SUSE:CVE-2018-19489:2.8:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-26 09:39 UTC by Marcus Meissner
Modified: 2022-02-13 11:39 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-11-26 09:39:14 UTC
+++ This bug was initially created as a clone of Bug #1117275 +++

rh#1653156

A use-after-free flaw was found in the VirtFS, host directory sharing via Plan 9
File System(9pfs) support in QEMU. It could occur due to a race condition while renaming
files on a shared host directory.

A user inside guest could use this flaw to crash the QEMU process resulting in DoS issue.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2018/11/26/1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1653156
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19489
http://seclists.org/oss-sec/2018/q4/182
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
Comment 3 Marcus Meissner 2018-11-27 07:20:25 UTC
9pfs is not enabled in the xen qemu