QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by aam 0x0, which triggers a divide-by-zero error.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | 0.8.2 (including) | 0.8.2 (including) |
| Kvm | Ubuntu | feisty | * |
| Kvm | Ubuntu | gutsy | * |
| Kvm | Ubuntu | hardy | * |
| Kvm | Ubuntu | intrepid | * |
| Kvm | Ubuntu | jaunty | * |
| Kvm | Ubuntu | upstream | * |
| Qemu | Ubuntu | dapper | * |
| Qemu | Ubuntu | edgy | * |
| Qemu | Ubuntu | feisty | * |
| Qemu | Ubuntu | gutsy | * |
| Qemu | Ubuntu | hardy | * |
| Qemu | Ubuntu | intrepid | * |
| Qemu | Ubuntu | jaunty | * |
| Qemu-kvm | Ubuntu | devel | * |
| Qemu-kvm | Ubuntu | karmic | * |
References
- http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html
- http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html
- http://osvdb.org/35498
- http://secunia.com/advisories/25073
- http://secunia.com/advisories/25095
- http://secunia.com/advisories/29129
- http://taviso.decsystem.org/virtsec.pdf
- http://www.debian.org/security/2007/dsa-1284
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
- http://www.securityfocus.com/bid/23731
- http://www.vupen.com/english/advisories/2007/1597
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34046
- http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html
- http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html
- http://osvdb.org/35498
- http://secunia.com/advisories/25073
- http://secunia.com/advisories/25095
- http://secunia.com/advisories/29129
- http://taviso.decsystem.org/virtsec.pdf
- http://www.debian.org/security/2007/dsa-1284
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
- http://www.securityfocus.com/bid/23731
- http://www.vupen.com/english/advisories/2007/1597
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34046