[CVE-2019-5008] QEMU sun4u Denial of Service

January 3, 2019

QEMU 3.1.50 (the development tree between the 3.1 and 4.0 releases) is vulnerable to a NULL pointer dereference in the sun4u board's power device, hw/sparc64/sun4u.c. The device's MemoryRegionOps table, power_mem_ops, defines a write handler but no read handler, so a guest read from the device's MMIO region makes QEMU's memory dispatch code call a NULL function pointer. A guest device driver, or any guest code able to read that region, can therefore crash the QEMU process and deny service to the whole virtual machine. The fix below adds a read callback that returns 0 for every offset.
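
The following is an added example, not code from QEMU or from the advisory: a stand-alone C model of the bug class. The `MemoryRegionOps` and `PowerDevice` types, the two dispatchers and the `last_write` field are constructed here to mirror the shape of hw/sparc64/sun4u.c and QEMU's MMIO dispatch, not copied from them. It shows the write-only ops table beside the fixed one, the unchecked dispatch that turns a missing `.read` into a call through NULL, and a registration-time completeness check plus a dispatcher that refuses the access instead of crashing.

```c
/* Constructed model of CVE-2019-5008, not QEMU code: the types, dispatchers
 * and device state below are assumptions that mirror the shape of
 * hw/sparc64/sun4u.c and QEMU's MMIO dispatch. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;

/* Stand-in for QEMU's MemoryRegionOps: callbacks the memory dispatcher
 * invokes for guest accesses to an MMIO region. */
typedef struct MemoryRegionOps {
    uint64_t (*read)(void *opaque, hwaddr addr, unsigned size);
    void (*write)(void *opaque, hwaddr addr, uint64_t val, unsigned size);
} MemoryRegionOps;

/* Constructed device state; the real PowerDevice has different fields. */
typedef struct PowerDevice {
    uint64_t last_write;
} PowerDevice;

static uint64_t power_mem_read(void *opaque, hwaddr addr, unsigned size)
{
    (void)opaque; (void)addr; (void)size;
    return 0;               /* write-only register: reads yield zero */
}

static void power_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
{
    PowerDevice *d = opaque;
    (void)addr; (void)size;
    d->last_write = val;    /* constructed stand-in for the real side effect */
}

/* Shape of power_mem_ops before the fix: .read is left NULL. */
static const MemoryRegionOps power_mem_ops_unfixed = {
    .write = power_mem_write,
};

/* Shape after the fix: both callbacks present. */
static const MemoryRegionOps power_mem_ops_fixed = {
    .read  = power_mem_read,
    .write = power_mem_write,
};

/* What the dispatcher effectively did: call ops->read without checking it.
 * With power_mem_ops_unfixed this jumps through a NULL function pointer and
 * the process dies with SIGSEGV. Only ever call it with a complete table. */
static uint64_t dispatch_read_unchecked(const MemoryRegionOps *ops, void *opaque,
                                        hwaddr addr, unsigned size)
{
    return ops->read(opaque, addr, size);
}

/* Registration-time check a board could run on every ops table it maps. */
static int ops_complete(const MemoryRegionOps *ops)
{
    return ops->read != NULL && ops->write != NULL;
}

/* Hardened dispatch: refuse the access instead of crashing.
 * Returns 0 on success, -1 if the region has no read handler; *out is always set. */
static int dispatch_read_checked(const MemoryRegionOps *ops, void *opaque,
                                 hwaddr addr, unsigned size, uint64_t *out)
{
    if (ops->read == NULL) {
        fprintf(stderr, "read of size %u at 0x%llx: region has no read handler\n",
                size, (unsigned long long)addr);
        *out = 0;
        return -1;
    }
    *out = ops->read(opaque, addr, size);
    return 0;
}

/* A guest read against the unfixed table is rejected, not executed. */
static int unfixed_read_is_refused(void)
{
    PowerDevice dev = { 0 };
    uint64_t val = 1;
    int rc = dispatch_read_checked(&power_mem_ops_unfixed, &dev, 0, 4, &val);
    return rc == -1 && val == 0;
}

/* Write v through the fixed table, then read back; the register is
 * write-only so the read is 0. UINT64_MAX signals an unexpected failure. */
static uint64_t fixed_write_then_read(uint64_t v)
{
    PowerDevice dev = { 0 };
    uint64_t val = 1;
    power_mem_ops_fixed.write(&dev, 0, v, 4);
    if (dispatch_read_checked(&power_mem_ops_fixed, &dev, 0, 4, &val) != 0 ||
        dev.last_write != v) {
        return UINT64_MAX;
    }
    return val;
}

int main(void)
{
    printf("unfixed table complete: %d\n", ops_complete(&power_mem_ops_unfixed));
    printf("fixed table complete:   %d\n", ops_complete(&power_mem_ops_fixed));
    printf("unfixed read refused:   %d\n", unfixed_read_is_refused());
    printf("fixed write 0x40, read: %llu\n",
           (unsigned long long)fixed_write_then_read(0x40));
    return 0;
}
```

The completeness check is the practitioner's takeaway: QEMU's dispatcher trusts the ops table, so a device that registers a region with only one of the two callbacks is one guest access away from a host-side crash. Auditing every `MemoryRegionOps` in a board for a missing `.read` or `.write` (or asserting it at registration, as `ops_complete` does here) catches the whole class rather than this one instance.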

Affected code (the upstream fix, which adds the missing read handler):

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index f76b19e4e9..5772da02cb 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -214,6 +214,11 @@  typedef struct PowerDevice {
 } PowerDevice;

 /* Power */
+static uint64_t power_mem_read(void *opaque, hwaddr addr, unsigned size)
+{
+    return 0;
+}
+
 static void power_mem_write(void *opaque, hwaddr addr,
                             uint64_t val, unsigned size)
 {
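Review bot: power_mem_read returns 0 for every offset with no comment saying the power register is write-only and no diagnostic, so a guest read that previously crashed QEMU now silently yields zero and hides guest driver bugs. Consider a one-line comment on the function and a `qemu_log_mask(LOG_GUEST_ERROR, "%s: read from write-only register 0x%" HWADDR_PRIx "\n", __func__, addr);` before `return 0;` so stray reads are visible with `-d guest_errors`.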
@@ -224,6 +229,7 @@  static void power_mem_write(void *opaque, hwaddr addr,
 }

 static const MemoryRegionOps power_mem_ops = {
+    .read = power_mem_read,
     .write = power_mem_write,
     .endianness = DEVICE_NATIVE_ENDIAN,
     .valid = {
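Review bot: setting `.read = power_mem_read` is the whole fix, but nothing in the hunk records why the callback was missing or what happened without it; the commit message should state that a guest read of this region previously called a NULL function pointer in the memory dispatch path and cite CVE-2019-5008, so the change is discoverable from git log. With `.read` now present, the `.valid` access-size constraints below also apply to reads, which is the intended behaviour.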

References:

  1. https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg00186.html