[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1844635] Re: qemu bug where load linux kernel
From: |
Thomas Huth |
Subject: |
[Bug 1844635] Re: qemu bug where load linux kernel |
Date: |
Tue, 12 May 2020 05:27:49 -0000 |
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1844635
Title:
qemu bug where load linux kernel
Status in QEMU:
Fix Released
Bug description:
i found a qemu bug ,when the qemu start and parse the kernel file .
This vulnerability can be exploited.
thanks
/****
(gdb) set args -nodefaults -device pc-testdev -device
isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device
pci-testdev -machine accel=kvm -m 2048 -smp 2 -cpu host -machine
kernel_irqchip=split -kernel poc1
(gdb) r
Starting program: /usr/bin/qemu-system-x86_64 -nodefaults -device pc-testdev
-device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device
pci-testdev -machine accel=kvm -m 2048 -smp 2 -cpu host -machine
kernel_irqchip=split -kernel ./poc/poc1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe9a03700 (LWP 30066)]
[New Thread 0x7fffe9202700 (LWP 30068)]
[New Thread 0x7fffe8a01700 (LWP 30069)]
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
__memmove_avx_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
249 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file
or directory.
(gdb) bt
#0 0x00007ffff2390b1f in __memmove_avx_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
#1 0x00005555559ebdcf in rom_copy ()
#2 0x00005555558dd1b3 in load_multiboot ()
#3 0x00005555558de1c3 in ()
#4 0x00005555558e19d1 in pc_memory_init ()
#5 0x00005555558e4ee3 in ()
#6 0x00005555559e8500 in machine_run_board_init ()
#7 0x0000555555834959 in main ()
(gdb) c
Continuing.
Couldn't get registers: No such process.
Couldn't get registers: No such process.
(gdb) [Thread 0x7fffe8a01700 (LWP 30069) exited]
[Thread 0x7fffe9202700 (LWP 30068) exited]
[Thread 0x7fffe9a03700 (LWP 30066) exited]
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
***/
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1844635/+subscriptions
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug 1844635] Re: qemu bug where load linux kernel,
Thomas Huth <=