CVE-2023-42467: hw/scsi/scsi-disk: Disallow block sizes smaller than BDRV_SECTOR_SIZE (3f911044) · Commits · Thomas Huth / QEMU · GitLab
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
Commit 3f911044 authored Aug 17, 2023 by Thomas Huth
hw/scsi/scsi-disk: Disallow block sizes smaller than BDRV_SECTOR_SIZE
We are doing things like
nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes with a division by 0 exception. Thus disallow block sizes of 256 bytes to avoid this situation.
Resolves: qemu-project/qemu#1813
Signed-off-by: Thomas Huth <[email protected]>
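The arithmetic the commit message describes, as an added C model that is not QEMU's own code: the truncating divisor that becomes zero for a 256-byte block size, next to the rejection the commit introduces. BDRV_SECTOR_SIZE is the 512 quoted on the page; the struct and function names are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>

/* Stand-in for QEMU's BDRV_SECTOR_SIZE (512, as the commit message states).
 * The rest of this file is a constructed model, not QEMU's own code. */
#define BDRV_SECTOR_SIZE 512

/* Hypothetical minimal device state: the block size a guest can set. */
typedef struct { uint32_t blocksize; } scsi_disk_t;

/* Pre-fix divisor from the quoted line
 *   nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
 * Integer division truncates, so a 256-byte block size yields 0. */
uint32_t unpatched_sectors_per_block(uint32_t blocksize)
{
    return blocksize / BDRV_SECTOR_SIZE;
}

/* Post-fix behaviour modelled on the commit: reject any block size below
 * BDRV_SECTOR_SIZE at the point the guest sets it. Returns true if accepted. */
bool scsi_disk_set_blocksize(scsi_disk_t *s, uint32_t blocksize)
{
    if (blocksize < BDRV_SECTOR_SIZE) return false;
    s->blocksize = blocksize;
    return true;
}

/* Defensive version of the quoted conversion: -1 instead of a SIGFPE
 * if an invalid block size ever reaches this point. */
int64_t sectors_to_blocks(const scsi_disk_t *s, int64_t nb_sectors)
{
    uint32_t per_block = s->blocksize / BDRV_SECTOR_SIZE;
    if (per_block == 0) return -1;
    return nb_sectors / per_block;
}

/* Guest requests `requested` via MODE SELECT, then a later command converts
 * nb_sectors. Returns -2 if the request was rejected and the default kept. */
int64_t mode_select_then_convert(uint32_t requested, int64_t nb_sectors)
{
    scsi_disk_t s = { .blocksize = BDRV_SECTOR_SIZE };
    if (!scsi_disk_set_blocksize(&s, requested)) return -2;
    return sectors_to_blocks(&s, nb_sectors);
}
```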
parent e3ea247f
Related news
Ubuntu Security Notice 6567-2 - USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behavior change leading to a regression in certain environments. This update fixes the problem. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.