search

AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0
102 stars 80 forks source link

qemu: CVE-2018-15746 #1356

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

http://www.openwall.com/lists/oss-security/2018/08/28/6

An issue was found in the way QEMU implements Seccomp sandboxing. In that, all QEMU threads are not bound by the sandbox. A guest user/process maybe be able to use this flaw to crash a guest resulting in DoS.

Upstream patch:

-> https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html

Reference:

-> https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html

Architectural progress

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/87486a0ca9ffff998267b4b8ccb16e2d5983649f. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0389.