Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 2 Dec 2016 13:02:57 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<wjjzhang@...cent.com>
Subject: Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the ColdFire Fast Ethernet Controller emulator
> support is vulnerable to an infinite loop issue. It could occur while
> receiving packets in 'mcf_fec_receive'.
> 
> A privileged user/process inside guest could use this issue to crash the Qemu
> process on the host leading to DoS.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1400829

Use CVE-2016-9776.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/net/mcf_fec.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYQbZDAAoJEHb/MwWLVhi2FGEP/jcbuXN9KtIlf6ff6wzQYoLv
+Vtqvl6S1/VSnjDKKm0ikKlnnN/jZtoh8dzO3inGFDruTxom+pJKAKcp+G30qaIy
G10mDBVeq0VzHvfJaFm63moPTkjvVGkapQKbpzuO+4xA3NESAhXc8TcAGyrm6CwB
RbjjFomICR1dwoLIlASTxxJDmh37BjAmI3zXJ14QcHER8TDb8NIQ0V8ROGD+inHp
yiRIt/3bQC/rEdkJETPCPFrogLFx/vjo9NKmxechzELPGTJ4CsvQumeAcwV3eEzO
CIgKY24n93PJFBZww/Y6NWK7JxVclQjMz78saBMaKOPmtf6JHyDf5he4mUJB7zwN
bpydPJFVLbgH/vd07APXgdoeoYY3uwxS3rE5vFDHjiJX8J6StvziUqLBZ+4RVo7V
4ZKNVyQ1sWIERTgSZoTxxj2Vauvl53ETI7cmSqV+dVHWshPAOP3Bsm9x6jbNDma8
hLkxiU+VhKqLZvfj9luyEdVCUnRDAqwPknnngjVPlZl67rD4o5ZKSyYx+fDV6Kqa
98TgAH0oC6SeyZ9I+YbSnCqmADX/xUDC3rmo9Ghux/1E9m3kApuW9geBwhcryOd3
RLljnzk3by19XCD10osVi0WplkvOCHvwHWzClzgbA/L6WMnrTSV8lNzipXD8rm/7
rAVDMdwKS6qXIq7RSrBE
=hUvr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.