diff options
Diffstat (limited to 'results/classifier/deepseek-2-tmp/output/peripherals/1909247')
| -rw-r--r-- | results/classifier/deepseek-2-tmp/output/peripherals/1909247 | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/results/classifier/deepseek-2-tmp/output/peripherals/1909247 b/results/classifier/deepseek-2-tmp/output/peripherals/1909247 deleted file mode 100644 index ef413508..00000000 --- a/results/classifier/deepseek-2-tmp/output/peripherals/1909247 +++ /dev/null @@ -1,30 +0,0 @@ - -QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c - -A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the esp_do_dma() function in hw/scsi/esp.c while handling the 'Information Transfer' command (CMD_TI). A privileged guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. - -This issue was reported by Cheolwoo Myung (Seoul National University). - -Original report: -Using hypervisor fuzzer, hyfuzz, I found a use-after-free issue in -am53c974 emulator of QEMU enabled ASan. - -It occurs while transferring information, as it does not check the -buffer to be transferred. - -A malicious guest user/process could use this flaw to crash the QEMU -process resulting in DoS scenario. - -To reproduce this issue, please run the QEMU with the following command -line. - -# To enable ASan option, please set configuration with the following -$ ./configure --target-list=i386-softmmu --disable-werror --enable-sanitizers -$ make - -# To reproduce this issue, please run the QEMU process with the following command line -$ ./qemu-system-i386 -m 512 -drive file=./hyfuzz.img,index=0,media=disk,format=raw \ --device am53c974,id=scsi -device scsi-hd,drive=SysDisk \ --drive id=SysDisk,if=none,file=./disk.img - -Please find attached the disk images to reproduce this issue. \ No newline at end of file |