QEMU-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [Bug 1880332] [NEW] Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation fault)
@ 2020-05-23 19:13 Héctor Molinero Fernández
  2020-05-25 14:41 ` [Bug 1880332] " Laurent Vivier
  0 siblings, 1 reply; 2+ messages in thread
From: Héctor Molinero Fernández @ 2020-05-23 19:13 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

I've come across a very specific situation, but I'm sure it could be
replicated in other cases.

In QEMU 5.0.0 when I use user emulation with a cURL binary for aarch64
and connect to a server using TLS 1.2 and ECDHE-ECDSA-CHACHA20-POLY1305
cypher a segmentation fault occurs.

I attach a Dockerfile that reproduces this crash and the strace output
with and without the de0b1bae6461f67243282555475f88b2384a1eb9 commit
reverted.

** Affects: qemu
     Importance: Undecided
         Status: New

** Attachment added: "crash-replication.zip"
   https://bugs.launchpad.net/bugs/1880332/+attachment/5375960/+files/crash-replication.zip

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880332

Title:
  Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation
  fault)

Status in QEMU:
  New

Bug description:
  I've come across a very specific situation, but I'm sure it could be
  replicated in other cases.

  In QEMU 5.0.0 when I use user emulation with a cURL binary for aarch64
  and connect to a server using TLS 1.2 and ECDHE-ECDSA-
  CHACHA20-POLY1305 cypher a segmentation fault occurs.

  I attach a Dockerfile that reproduces this crash and the strace output
  with and without the de0b1bae6461f67243282555475f88b2384a1eb9 commit
  reverted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880332/+subscriptions


^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Bug 1880332] Re: Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation fault)
  2020-05-23 19:13 [Bug 1880332] [NEW] Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation fault) Héctor Molinero Fernández
@ 2020-05-25 14:41 ` Laurent Vivier
  0 siblings, 0 replies; 2+ messages in thread
From: Laurent Vivier @ 2020-05-25 14:41 UTC (permalink / raw)
  To: qemu-devel

** Tags added: linux-user

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880332

Title:
  Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation
  fault)

Status in QEMU:
  New

Bug description:
  I've come across a very specific situation, but I'm sure it could be
  replicated in other cases.

  In QEMU 5.0.0 when I use user emulation with a cURL binary for aarch64
  and connect to a server using TLS 1.2 and ECDHE-ECDSA-
  CHACHA20-POLY1305 cypher a segmentation fault occurs.

  I attach a Dockerfile that reproduces this crash and the strace output
  with and without the de0b1bae6461f67243282555475f88b2384a1eb9 commit
  reverted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880332/+subscriptions


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-23 19:13 [Bug 1880332] [NEW] Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation fault) Héctor Molinero Fernández
2020-05-25 14:41 ` [Bug 1880332] " Laurent Vivier

QEMU-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/qemu-devel/0 qemu-devel/git/0.git
	git clone --mirror https://lore.kernel.org/qemu-devel/1 qemu-devel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 qemu-devel qemu-devel/ https://lore.kernel.org/qemu-devel \
		qemu-devel@nongnu.org
	public-inbox-index qemu-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.nongnu.qemu-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git