On Mon, 2026-06-22 at 17:30 +0100, Daniel P. Berrangé wrote: > On Mon, Jun 22, 2026 at 06:11:44PM +0200, Laurent Vivier wrote: > > A malicious guest can craft virtqueue descriptors with arbitrary > > lengths. > > control_out() calls iov_size() on the guest-supplied scatter-gather > > list > > and passes the result directly to g_malloc(), allowing a guest to > > force > > QEMU to attempt multi-gigabyte allocations and crash the host > > process. > > > > Fix this by copying at most sizeof(struct virtio_console_control) > > into a > > stack-local variable instead of allocating a buffer sized by the > > guest. > > handle_control_message() only accesses the fixed-size id, event, > > and > > value fields, so no data beyond the struct was ever needed. > > Does anyone have thoughts on whether we should treat guest initiated > unbounded allocs as a security issue ? > > IIUC, this flaw would require root in the guest OS in order to craft > the malicious virtqueue descriptors.
We've always treated guests to be malicious and design host interfaces with that in mind (i.e. even w/o the qualifier that root access is needed in guests -- it's assumed guests are always malicious). > A self-initiated crash triggered by root would not historically > be enough justification for CVE. We would require it to be triggered > by unprivileged user. > > Nested virt with device assignment could change that equation though > as the L2 guest could be considered an unpriv user from the L1 POV. > > Also in theory the large alloc might be large enough to consume all > host RAM but not large enough to trigger OOM kill of QEMU. This might > impact operation of other co-located VMs on the same host. > > Anyone think this is bad enough to justify a CVE ? Or should we treat > these OOM scenarios maerely as "hardening" bugs, where they require > 'root' in the L1 guest ? > > > Cc: [email protected] > > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3585 > > Signed-off-by: Laurent Vivier <[email protected]> Typically the size would be bounded by the cgroups surrounding the qemu process; but in any case I would assume the guest would only end up killing the qemu process, rather than starve the whole host of RAM. I wouldn't qualify this a CVE. Amit
