Message-Id: <20151125175731.1FBB333204D@smtpvbsrv1.mitre.org>
Date: Wed, 25 Nov 2015 12:57:31 -0500 (EST)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, luodalongde@...il.com
Subject: Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list

> Qemu emulator built with the i8255x (PRO100) emulation support is vulnerable
> to an infinite loop issue. It could occur while processing a chain of commands
> located in the Command Block List(CBL). Each Command Block(CB) points to the
> next command in the list. An infinite loop unfolds if the link to the next
> CB points to the same block or there is a closed loop in the chain.
>
> A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash
> the Qemu instance resulting in DoS.
>
> https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
>
> hw/net/eepro100.c
> action_command

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/net/eepro100.c but that
may be an expected place for a later update.

eepro100.c mentions "Portions of the code are copies from ... linux
e100.c" at the top. We have not researched this, but it appears that
this QEMU vulnerability is not present in
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/intel/e100.c
and thus we don't see any indication that the Linux kernel is another
affected product.

Use CVE-2015-8345.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
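
Added example, not part of the original message and not QEMU's code: a constructed C model of walking a command block list in which the guest controls every link, showing how a step budget and a link range check turn the self-link and closed-loop cases described above into errors. The struct layout, `CB_FLAG_LAST`, `MAX_CB_STEPS` and `walk_cbl` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CB_FLAG_LAST 0x1u  /* hypothetical end-of-list marker for this model */
#define MAX_CB_STEPS 16u   /* assumed per-request budget, not a QEMU constant */

/* Constructed model: guest memory is an array of blocks, `link` is the index
 * of the next block. Both fields are guest-controlled. */
struct cmd_block { uint16_t flags; uint32_t link; };

enum { WALK_DONE = 0, WALK_BAD_LINK = -1, WALK_BUDGET_EXCEEDED = -2 };

/* Process blocks from `start`. Termination must not depend on the guest ever
 * setting CB_FLAG_LAST, so the walk is capped and every link is range-checked. */
static int walk_cbl(const struct cmd_block *mem, size_t nblocks,
                    uint32_t start, unsigned *processed)
{
    uint32_t cur = start;

    *processed = 0;
    for (unsigned steps = 0; steps < MAX_CB_STEPS; steps++) {
        if (cur >= nblocks)
            return WALK_BAD_LINK;
        (*processed)++;               /* the command would be executed here */
        if (mem[cur].flags & CB_FLAG_LAST)
            return WALK_DONE;
        cur = mem[cur].link;
    }
    return WALK_BUDGET_EXCEEDED;      /* self-link or closed loop ends up here */
}

/* Constructed lists: a valid chain, a self-linked block, a two-block cycle. */
static const struct cmd_block chain_ok[]   = { {0, 1}, {0, 2}, {CB_FLAG_LAST, 0} };
static const struct cmd_block chain_self[] = { {0, 0} };
static const struct cmd_block chain_loop[] = { {0, 1}, {0, 0} };

int main(void)
{
    unsigned n;
    printf("ok:   %d\n", walk_cbl(chain_ok, 3, 0, &n));
    printf("self: %d\n", walk_cbl(chain_self, 1, 0, &n));
    printf("loop: %d\n", walk_cbl(chain_loop, 2, 0, &n));
    return 0;
}
```

A fixed budget also rejects legitimate chains longer than the cap, so the value has to be chosen against what the emulated device can reasonably be asked to process in one request.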