[libvirt] [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-xxxx)
Eric Blake
eblake at redhat.com
Wed Jan 17 16:26:15 UTC 2018
On 01/17/2018 10:13 AM, Michal Privoznik wrote:
> On 01/16/2018 06:01 PM, Daniel P. Berrange wrote:
>> We read from QEMU until seeing a \r\n pair to indicate a completed reply
>> or event. To avoid memory denial-of-service though, we must have a size
>> limit on amount of data we buffer. 10 MB is large enough that it ought
>> to cope with normal QEMU replies, and small enough that we're not
>> consuming unreasonable mem.
>>
>>
>
> ACK, although is this really a CVE? Doesn't look that harmful to me. I
> mean, owning qemu is not that easy, is it?
We treat qemu as untrusted, in case a guest escapes qemu due to some
other CVE. If a guest really did cause qemu to emit unbounded QMP text,
and it starves libvirtd, then that guest has mounted a denial of service
against anything else libvirtd is starved from doing. So yes, in my
opinion it is a CVE, even if it is an unlikely case because it won't
trigger without a flaw in more than one layer.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180117/6e2b1e0e/attachment-0001.sig>
More information about the libvir-list
mailing list