CVE-2023-42467: hw/scsi/scsi-disk: Disallow block sizes smaller than BDRV_SECTOR_SIZE (3f911044) · Commits · Thomas Huth / QEMU · GitLab

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

Commit 3f911044 authored Aug 17, 2023 by Thomas Huth

hw/scsi/scsi-disk: Disallow block sizes smaller than BDRV_SECTOR_SIZE

We are doing things like

    nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);

in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes with a division by 0 exception. Thus disallow block sizes of 256 bytes to avoid this situation.

Resolves: qemu-project/qemu#1813

Signed-off-by: Thomas Huth <[email protected]>

parent e3ea247f
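
The failure mode described in the commit message, as an added example (not code from the QEMU tree): a small C model in which the names disk_model, model_set_blocksize, model_scale_sectors and model_request are hypothetical. It shows why a block size of 256 makes the divisor zero and how refusing sizes below BDRV_SECTOR_SIZE keeps the later division safe.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BDRV_SECTOR_SIZE 512u /* value given in the commit message */

/* Hypothetical stand-in for the device state: only the block size field. */
struct disk_model { uint32_t blocksize; };

/* Guest-controlled update of the block size. Values below the sector size
 * are refused, so blocksize / BDRV_SECTOR_SIZE can never truncate to 0. */
static bool model_set_blocksize(struct disk_model *s, uint32_t requested)
{
    if (requested < BDRV_SECTOR_SIZE) {
        return false; /* e.g. 256: rejected, previous size kept */
    }
    s->blocksize = requested;
    return true;
}

/* The scaling step quoted in the commit message, with a defensive check at
 * the point of use. Returns -1 where the unchecked code would divide by 0. */
static int64_t model_scale_sectors(const struct disk_model *s, uint64_t nb_sectors)
{
    uint32_t ratio = s->blocksize / BDRV_SECTOR_SIZE; /* 256 / 512 == 0 */
    if (ratio == 0) {
        return -1;
    }
    return (int64_t)(nb_sectors / ratio);
}

/* Apply a requested size to a 512-byte disk, then scale a sector count. */
static int64_t model_request(uint32_t requested, uint64_t nb_sectors)
{
    struct disk_model d = { .blocksize = BDRV_SECTOR_SIZE };
    model_set_blocksize(&d, requested);
    return model_scale_sectors(&d, nb_sectors);
}

int main(void)
{
    struct disk_model unchecked = { .blocksize = 256 }; /* state before the fix */
    printf("ratio 0 detected: %lld\n", (long long)model_scale_sectors(&unchecked, 2048));
    printf("256 requested:    %lld\n", (long long)model_request(256, 2048));
    printf("4096 requested:   %lld\n", (long long)model_request(4096, 2048));
    return 0;
}
```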

Related news

Ubuntu Security Notice USN-6567-2

Ubuntu Security Notice 6567-2 - USN-6567-1 fixed vulnerabilities in QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behavior change leading to a regression in certain environments. This update fixes the problem. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-6567-1

Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.

CVE-2023-42467: FPE division by zero in scsi_disk_reset() [CVE-2023-42467] (#1813) · Issues · QEMU / QEMU · GitLab
