path: root/results/scraper/launchpad-without-comments/1844635

qemu bug where load linux kernel

i found a qemu bug ,when the qemu start and parse the kernel file .

This vulnerability can be exploited.

thanks

/****


(gdb) set args -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -m 2048  -smp 2 -cpu host -machine kernel_irqchip=split -kernel poc1
(gdb) r
Starting program: /usr/bin/qemu-system-x86_64 -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -m 2048  -smp 2 -cpu host -machine kernel_irqchip=split -kernel ./poc/poc1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe9a03700 (LWP 30066)]
[New Thread 0x7fffe9202700 (LWP 30068)]
[New Thread 0x7fffe8a01700 (LWP 30069)]

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
__memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
249	../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
(gdb) bt
#0  0x00007ffff2390b1f in __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
#1  0x00005555559ebdcf in rom_copy ()
#2  0x00005555558dd1b3 in load_multiboot ()
#3  0x00005555558de1c3 in  ()
#4  0x00005555558e19d1 in pc_memory_init ()
#5  0x00005555558e4ee3 in  ()
#6  0x00005555559e8500 in machine_run_board_init ()
#7  0x0000555555834959 in main ()
(gdb) c
Continuing.
Couldn't get registers: No such process.
Couldn't get registers: No such process.
(gdb) [Thread 0x7fffe8a01700 (LWP 30069) exited]
[Thread 0x7fffe9202700 (LWP 30068) exited]
[Thread 0x7fffe9a03700 (LWP 30066) exited]

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

***/