Vigil@nce - QEMU: memory leak via the audio driver ac97
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in the guest system can create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES.
Creation date: 18/01/2017.
DESCRIPTION OF THE VULNERABILITY
The QEMU product can emulate the audio device ac97.
However, some memory areas are not freed at software unplugging time.
An attacker, inside a guest system, can therefore create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
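The bug class described above, as an added example that is not QEMU's code: a simplified model of a hot-pluggable device whose unplug handler omits cleanup, beside a corrected handler, with a tracking allocator that measures what stays allocated after repeated plug/unplug cycles. The names `ToyAudioDev`, `dev_realize`, `dev_unrealize_leaky`, `dev_unrealize_fixed` and the buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Tracking allocator: live_bytes counts memory not yet released. */
static size_t live_bytes;
typedef struct { size_t size; } Hdr;

static void *t_alloc(size_t n) {
    Hdr *h = malloc(sizeof(Hdr) + n);
    if (!h) abort();
    h->size = n;
    live_bytes += n;
    return h + 1;
}
static void t_free(void *p) {
    if (!p) return;
    Hdr *h = (Hdr *)p - 1;
    live_bytes -= h->size;
    free(h);
}

/* Hypothetical emulated audio device with per-voice buffers (constructed sizes). */
enum { NVOICES = 3, VOICE_BUF = 4096 };
typedef struct { void *voice[NVOICES]; } ToyAudioDev;

static void dev_realize(ToyAudioDev *d) {          /* plug: allocate buffers */
    for (int i = 0; i < NVOICES; i++) d->voice[i] = t_alloc(VOICE_BUF);
}
static void dev_unrealize_leaky(ToyAudioDev *d) {  /* unplug: nothing released */
    (void)d;
}
static void dev_unrealize_fixed(ToyAudioDev *d) {  /* unplug: release everything */
    for (int i = 0; i < NVOICES; i++) { t_free(d->voice[i]); d->voice[i] = NULL; }
}

/* Regression check: bytes still allocated after `cycles` plug/unplug rounds. */
size_t leaked_after(int cycles, void (*unrealize)(ToyAudioDev *)) {
    size_t before = live_bytes;
    for (int i = 0; i < cycles; i++) {
        ToyAudioDev d = {0};
        dev_realize(&d);
        unrealize(&d);
    }
    return live_bytes - before;
}

int main(void) {
    printf("leaky unplug: %zu bytes outstanding\n", leaked_after(100, dev_unrealize_leaky));
    printf("fixed unplug: %zu bytes outstanding\n", leaked_after(100, dev_unrealize_fixed));
    return 0;
}
```

With the leaky handler the outstanding total grows linearly with the number of cycles, which is why a guest that can repeat the unplug drives host memory consumption; the same plug/unplug loop with an allocation counter serves as a regression test for the fix.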