Vigil@nce - QEMU: denial of service against the Network Block Device server
August 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can start NBD connections to QEMU, in order to trigger
a denial of service.
Impacted products: Debian, QEMU, RHEL.
Severity: 2/4.
Creation date: 13/06/2017.
DESCRIPTION OF THE VULNERABILITY
QEMU includes a "Network Block Device" (NBD) server, which emulates
a kind of remote raw disk.
However, when the NBD signalling is aborted at connection time, a
data structure becomes invalid, which leads to the use of an
invalid pointer and a fatal exception.
An attacker can therefore start NBD connections to QEMU, in order
to trigger a denial of service.