** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1844635

Title:
  qemu bug where load linux kernel

Status in QEMU:
  Fix Released

Bug description:
  I found a QEMU bug: when QEMU starts and parses the kernel file.

  This vulnerability can be exploited.

  Thanks

  /****

  
  (gdb) set args -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -m 2048  -smp 2 -cpu host -machine kernel_irqchip=split -kernel poc1
  (gdb) r
  Starting program: /usr/bin/qemu-system-x86_64 -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -m 2048  -smp 2 -cpu host -machine kernel_irqchip=split -kernel ./poc/poc1
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  [New Thread 0x7fffe9a03700 (LWP 30066)]
  [New Thread 0x7fffe9202700 (LWP 30068)]
  [New Thread 0x7fffe8a01700 (LWP 30069)]

  Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
  249   ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
  (gdb) bt
  #0  0x00007ffff2390b1f in __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
  #1  0x00005555559ebdcf in rom_copy ()
  #2  0x00005555558dd1b3 in load_multiboot ()
  #3  0x00005555558de1c3 in  ()
  #4  0x00005555558e19d1 in pc_memory_init ()
  #5  0x00005555558e4ee3 in  ()
  #6  0x00005555559e8500 in machine_run_board_init ()
  #7  0x0000555555834959 in main ()
  (gdb) c
  Continuing.
  Couldn't get registers: No such process.
  Couldn't get registers: No such process.
  (gdb) [Thread 0x7fffe8a01700 (LWP 30069) exited]
  [Thread 0x7fffe9202700 (LWP 30068) exited]
  [Thread 0x7fffe9a03700 (LWP 30066) exited]

  Program terminated with signal SIGSEGV, Segmentation fault.
  The program no longer exists.

  ***/

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1844635/+subscriptions