| عنوان | CVE-2021-3392 - Denial of Service in QEMU virtualisation |
|---|
| الوصف | While processing SCSI i/o requests in mptsas_process_scsi_io_request(),
the Megaraid emulator appends new MPTSASRequest object 'req' to
the 's->pending' queue. In case of an error, this same object gets
dequeued in mptsas_free_request() only if SCSIRequest object
'req->sreq' is initialised. This may lead to a use-after-free issue.
Unconditionally dequeue 'req' object from 's->pending' to avoid it.
Source:
https://bugs.launchpad.net/qemu/+bug/1914236
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html |
|---|
| المصدر | ⚠️ https://bugs.launchpad.net/qemu/+bug/1914236 |
|---|
| المستخدم | CSieberg (UID 13359) |
|---|
| ارسال | 08/02/2021 11:47 AM (5 سنوات منذ) |
|---|
| الاعتدال | 08/02/2021 01:08 PM (1 hour later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 169365 [QEMU 5.2.0 SCSI IO Request mptsas.c mptsas_process_scsi_io_request تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|