The block driver for Hyper-V VHDX images in QEMU before 2.0 is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks on the block_size and logical_sector_size variables. These values are used to derive other fields such as 'sectors_per_block'. A user able to alter the QEMU disk image could use this flaw to crash the QEMU instance, resulting in DoS.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-common" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-guest-agent" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-keymaps" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-kvm" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-aarch64" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-arm" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-common" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-mips" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-misc" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-ppc" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-sparc" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-system-x86" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-user" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-user-static" }, { "binary_version": "2.0.0~rc1+dfsg-0ubuntu3", "binary_name": "qemu-utils" } ] }