Date: Fri, 18 Sep 2015 15:11:09 -0400 (EDT) From: cve-assign@...re.org To: ppandit@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, jasowang@...hat.com Subject: Re: CVE request Qemu: net: virtio-net possible remote DoS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Qemu emulator built with the Virtual Network Device(virtio-net) support is > vulnerable to a DoS issue. It could occur while receiving large packets over > the tuntap/macvtap interfaces and when guest's virtio-net driver did not > support big/mergeable receive buffers. > > An attacker on the local network could use this flaw to disable guest's > networking by sending a large number of jumbo frames to the guest, exhausting > all receive buffers and thus leading to a DoS situation. > > https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html > https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html > https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html > When packet is truncated during receiving, we drop the packets but > neither discard the descriptor nor add and signal used > descriptor. This will lead several issues: > > - sg mappings are leaked > - rx will be stalled if a lots of packets were truncated Use CVE-2015-7295. As far as we can tell, "sg mappings are leaked" and "rx will be stalled" aren't independent problems. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJV/GCUAAoJEL54rhJi8gl5CR0P/3W08SnlO7UG5romkJRFhZUX MMmoucggrWMmrY1hGq11cODk5DmD53R0WDg5Eu+XfEwEyryHpTk034kJUub3yLOM ylj+ZatLRWpRw2qofMSyI7wfJHOWbi6XjfzVPsMX1biub1ncIMnt3DYngXlKj4H5 leXdQDbcatxUvuSe7wYwxiFEVsLi0tS9EdlFmjxgQ63iOGqZXI6TL/pkvAeOPx4C OIbxd2lAfyjtSxPo9NOXoXzlOxSoBm7n1KTD+nwOIVxlkbLQfh63lIycJ6dH717u nuq1p7Hgd+KwkG6aqjD7iy+B0NLuS1oJj3Yl9P2bxlLjXf3qqieaOjk4AeZoMNXZ zMx0f8ejWFgO0IP/kknslYcRnV6vvP+bBSmdCDwJZPi/ov82yVtRfIt3CLJ3rifP Ms3/0sb58x5PITjYurioOJxDSpmXClRgUpahnCKBQijyNyLQF5tih0FSJ7RRqZub /6cgwOvY6TIJJklZ9I4j/xn2VFbFwkf0ShqWzBIr2QZ3I5zNuwuGNGLE0Z/nGgf/ Pds9nDggKCHEPy96xsnfevbdGwIkNofRpTWwCRe1Qyy4KfM6t8mZ2vL4kjB+8Ngp vDpulZkDVaLB7FvZ9Gb3SWICeLt2rMq8nQy3vJGKtss8zI2dcwJ6a0H/EP+cVaD8 nPCVm7dzeyUY84OY6uyN =pwm1 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ