Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Oct 2016 11:16:12 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, hendersa@...ulus.org
Subject: Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the RTL8139 ethernet controller emulation
> support is vulnerable to an infinite loop issue. It could occur while
> transmitting packets in C+ mode of operation.
> 
> A privileged user inside guest could use this flaw to consume excessive CPU
> cycles on the host, resulting in DoS situation.

> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html

>> RTL8139 ethernet controller in C+ mode supports multiple
>> descriptor rings, each with maximum of 64 descriptors. While
>> processing transmit descriptor ring in 'rtl8139_cplus_transmit',
>> it does not limit the descriptor count and runs forever. Add
>> check to avoid it.

Use CVE-2016-8910.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/net/rtl8139.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYDiS8AAoJEHb/MwWLVhi2MT0P/i1qqts1Nb1wttHz7EX/EAtm
qiNtxE7/IMAfHoLZ7UKJWk08RPY6O3wz55lbcPdZFtzJav2Ch2tnG2r25+Lr3OFD
yXD/zZrA7uxpZ+wyQoWa7m1oQkmaPMUdWDjAnFwOy2eMY6yv+YP9UbU5C1opAqhu
BVYZOXn+4rBa0LyXmw2DyUvNb2a6ePzyXgrJ42LMIdzKHL4ksyOkQ0frYkB1Vns4
LVDOE3OV7/LWMPOccwIOlUVHEc4cclMnsTQvVB67dNoiJanQV86+AmzdLsRwJqxr
cy2O6tKG+Gjc7H90uVLOHwEwUMgjswpj2hD1oFZcqPnbsV9cpnFDgTDK/65mpkab
oflQM68pdnPuWb05VgR+SAQ3jLTmRePaw73GEWi/vHXLNfLWkxmvqGevzV3swBDi
VG8TnAyWF939pxWbULRSB/3q5aU69iHUM0WIDWZH/WuQ0jEaPrxJg7R8kiVcdt4J
E+6mM7GQiGndSHXRyQjbf2SIVR80hNuWtctX3nkaZxWsIJTfFYCc8/Ae/M/HDdkf
bZHhNK5y7rchWd9DYiRi9Knf4axoNe/KvGy4jVhQnwrN8IKaHVKDqbl6cNKDEpUP
hPhKk+0JEjBFn0auboRZUUqAV90rwEl/VkMvz73WJU6IALhYNBoUkpDG5XewdA5W
yfHvedUqbQn9vcV6cnf9
=OGtv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ