* [Bug 1844635] Re: qemu bug where load linux kernel
       [not found] <156888216450.5144.14810121266968903921.malonedeb@chaenomeles.canonical.com>
@ 2020-05-12  5:27 ` Thomas Huth
  0 siblings, 0 replies; only message in thread
From: Thomas Huth @ 2020-05-12  5:27 UTC (permalink / raw)
  To: qemu-devel

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1844635

Title:
  qemu bug where load linux kernel

Status in QEMU:
  Fix Released

Bug description:
  I found a qemu bug when qemu starts and parses the kernel file.

  This vulnerability can be exploited.

  thanks

  /****

  
  (gdb) set args -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -m 2048  -smp 2 -cpu host -machine kernel_irqchip=split -kernel poc1
  (gdb) r
  Starting program: /usr/bin/qemu-system-x86_64 -nodefaults -device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc none -serial stdio -device pci-testdev -machine accel=kvm -m 2048  -smp 2 -cpu host -machine kernel_irqchip=split -kernel ./poc/poc1
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  [New Thread 0x7fffe9a03700 (LWP 30066)]
  [New Thread 0x7fffe9202700 (LWP 30068)]
  [New Thread 0x7fffe8a01700 (LWP 30069)]

  Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
  249	../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
  (gdb) bt
  #0  0x00007ffff2390b1f in __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:249
  #1  0x00005555559ebdcf in rom_copy ()
  #2  0x00005555558dd1b3 in load_multiboot ()
  #3  0x00005555558de1c3 in  ()
  #4  0x00005555558e19d1 in pc_memory_init ()
  #5  0x00005555558e4ee3 in  ()
  #6  0x00005555559e8500 in machine_run_board_init ()
  #7  0x0000555555834959 in main ()
  (gdb) c
  Continuing.
  Couldn't get registers: No such process.
  Couldn't get registers: No such process.
  (gdb) [Thread 0x7fffe8a01700 (LWP 30069) exited]
  [Thread 0x7fffe9202700 (LWP 30068) exited]
  [Thread 0x7fffe9a03700 (LWP 30066) exited]

  Program terminated with signal SIGSEGV, Segmentation fault.
  The program no longer exists.

  ***/

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1844635/+subscriptions

