Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Dec 2015 20:40:29 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Qinghao Tang <luodalongde@...il.com>, Gerd Hoffmann <kraxel@...hat.com>
Subject: CVE request Qemu: usb: infinite loop in ehci_advance_state results
 in DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

Qemu emulator built with the USB EHCI emulation support is vulnerable to an 
infinite loop issue. It occurs during communication between host controller 
interface(EHCI) and a respective device driver. These two communicate via a 
isochronous transfer descriptor list(iTD) and an infinite loop unfolds if 
there is a closed loop in this list.

A privileges user inside guest could use this flaw to consume excessive CPU 
cycles & resources on the host.

Upstream fix:
- -------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html

This issue was discovered by Qinghao Tang of QIHU 360 Marvel Team.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWbtvmAAoJEN0TPTL+WwQf3MIQAJDWcJuiUFDPuHWQU1iVoUT3
Cp0PUxY37ldRTq3TYGw/7UEIJscULwDiVqtmkso+f67v70BRh8cQf/HiIDM93Zq8
fb9q4l3JSZZu6pSGiJKe2C7iwoIT5SA0JqzYhQQFlZvt/osFIxFtcAg+ribl092b
QMtNksA2/mUL7L+LP4mHgzAy0tTDNMp/fPE189bZID6iLvul1sQxE1HdBsRhYVDU
4Q0FWSO62If21/GyI5Rqrh11tpeXeWdqIYfJVETxdSzLzgqHlT6GyH5iZfnoTMxI
3H8yrqsFGFZhJP7caFd51cK+CbBAN/PP4z6SRfKJsPjX9eJp8YX1+u3WrvU/sMTA
f8dPDRnD0VZgW9dku0ETxXGuV4rXN17CgNm6i7Qft1JHZA5OGlxewMX2pgAcp/cM
9eVaBWPUKAjei1GUNfhxX3DLeSDt5cC83ICEedNhozY5k9UuwUGTl/p5I5UQVuqY
Z4xiDzuUE3O0IVpEQvyF3eiYd5dRFrq3qo6NG/KEd+A7dCmVprJLWGzMjbp/Onmz
LQFyw8eI+Q2znFqpSKNnYDjZemw2cTEkuHBXnWKOgtPb7iisWE3ke9WLVhgcc3O7
nT9raTZXn3feowabwDpBu+BOmejiN1TXkNR3e/CpBLqvZlatGdc1KCPm58zxTMWs
SZm4zSvaSyky/pMJonCU
=SYEW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ