Vigil@nce - QEMU: information disclosure via patch_instruction
April 2016 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can read a memory fragment of patch_instruction()
of QEMU, in order to obtain sensitive information.
Impacted products: QEMU.
Severity: 1/4.
Creation date: 14/04/2016.
DESCRIPTION OF THE VULNERABILITY
The QEMU product implements an optimization for the TPR (Task
Priority Register).
However, the patch_instruction() function of the
hw/i386/kvmvapic.c file does not initialize a memory area before
returning it to the user.
A local attacker can therefore read a memory fragment of
patch_instruction() of QEMU, in order to obtain sensitive
information.
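The bug class described above (a buffer on the stack that is only partly filled, then copied out in full) is illustrated by the following constructed example. This is added illustration code, not QEMU's patch_instruction() and not the bulletin's own material; the function names, the 16-byte reply length and the sample payload are assumptions made for the example. The leaky variant shows how stale stack bytes end up in the output; the hardened variant zero-initializes the buffer so that nothing past the filled region can carry data from earlier calls.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define REPLY_LEN 16  /* assumed size of the reply buffer (constructed) */

/* Vulnerable pattern (constructed, not QEMU's code): only payload_len
 * bytes of the stack buffer are written, yet all REPLY_LEN bytes are
 * copied out. The tail carries whatever was left on the stack. */
size_t build_reply_leaky(uint8_t *out, const uint8_t *payload, size_t payload_len)
{
    uint8_t buf[REPLY_LEN];              /* NOT initialized */
    if (payload_len > REPLY_LEN)
        payload_len = REPLY_LEN;
    memcpy(buf, payload, payload_len);   /* fills only the head */
    memcpy(out, buf, REPLY_LEN);         /* copies the uninitialized tail too */
    return REPLY_LEN;
}

/* Hardened pattern: zero-initialize the buffer before use, so every
 * byte handed back is either payload data or a deterministic zero. */
size_t build_reply_safe(uint8_t *out, const uint8_t *payload, size_t payload_len)
{
    uint8_t buf[REPLY_LEN] = {0};        /* whole buffer defined */
    if (payload_len > REPLY_LEN)
        payload_len = REPLY_LEN;
    memcpy(buf, payload, payload_len);
    memcpy(out, buf, REPLY_LEN);
    return REPLY_LEN;
}

/* Count bytes after the filled region that are non-zero; for the safe
 * builder this is always 0, for the leaky one it depends on stack contents. */
size_t count_leaked_bytes(const uint8_t *out, size_t filled, size_t total)
{
    size_t n = 0;
    for (size_t i = filled; i < total; i++)
        if (out[i] != 0)
            n++;
    return n;
}

/* Leaves a recognizable pattern on the stack so a later leaky call has
 * something visible to pick up (behaviour is compiler dependent). */
void dirty_stack(void)
{
    volatile uint8_t scratch[64];
    memset((void *)scratch, 0x41, sizeof scratch);
}

/* Returns 1 when the hardened builder yields no stale bytes past the
 * payload and preserves the payload itself, 0 otherwise. */
int safe_builder_has_no_leak(void)
{
    const uint8_t payload[4] = {0x10, 0x20, 0x30, 0x40}; /* constructed sample */
    uint8_t out[REPLY_LEN];
    dirty_stack();
    if (build_reply_safe(out, payload, sizeof payload) != REPLY_LEN)
        return 0;
    if (memcmp(out, payload, sizeof payload) != 0)
        return 0;
    return count_leaked_bytes(out, sizeof payload, REPLY_LEN) == 0;
}

int main(void)
{
    const uint8_t payload[4] = {0x10, 0x20, 0x30, 0x40};
    uint8_t out[REPLY_LEN];

    dirty_stack();
    build_reply_leaky(out, payload, sizeof payload);
    printf("leaky : %zu stale non-zero bytes after payload\n",
           count_leaked_bytes(out, sizeof payload, REPLY_LEN));

    dirty_stack();
    build_reply_safe(out, payload, sizeof payload);
    printf("safe  : %zu stale non-zero bytes after payload\n",
           count_leaked_bytes(out, sizeof payload, REPLY_LEN));
    return 0;
}
```

The leaky count varies with compiler, optimization level and what ran before, which is exactly why such bugs are easy to miss in testing; the safe count is 0 by construction. Building the leaky variant with a memory-initialization checker (for example clang's MemorySanitizer, `-fsanitize=memory`) reports the use of undefined bytes when the output is consumed, which is the cheapest way to catch this pattern before release.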
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/QEMU-information-disclosure-via-patch-instruction-19373