|
Date: Mon, 10 Oct 2016 13:50:12 -0400 (EDT) From: cve-assign@...re.org To: ppandit@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, liqiang6-s@....cn Subject: Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Quick Emulator(Qemu) built with the USB xHCI controller emulation support is > vulnerable to an infinite loop issue. It could occur while processing USB > command ring in 'xhci_ring_fetch'. > > A privileged user/process inside guest could use this issue to crash the Qemu > process on the host leading to DoS. > > https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html Use CVE-2016-8576. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/usb/hcd-xhci.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX+9QuAAoJEHb/MwWLVhi227sP/j2SzIXfALbHnYVcFBjeESHT cpjqznKkdukL1ETxQrO7VTi+BHkIbWB49Ey0PdvxXCR3cg/oRTE6WozOIefxNEtP O6rinOZTu8Fwubv3h9VDEi7g/qRPkkvaxKDUjyUNLerz5fvBMPubAPlxjgDOJeuu cplrkPTehzHIarXH0GViJ1V0I7f1As1T+PrQvfjP55ZOawefWwj1fJRDjzAuddhZ ggO0hSxk2pz+YjC2NAYcKCQ2uPUNVkJa7CqqwQBvQUMCdmESGUSYrWAnpBd3V5rX rRfvF7w7vHWmgU4XoKxJDHm6nr+l6HECS1uEi5+4N/NDLUhsE6MRKH9/zdJMsMCe jkAydq0lnOTBrB/lyVVBeTbAz5jtZNvIQWPwGVHH5bZjiCb8jJbn8vc8+E5OWSFx UA04ab3p2GjiY4QQIz8jNSlF/JAQzorkmRi3ZTR5jVeMr+Ca/OgkMRvurBI2LZFh HM61RVhU3Ix/ed/24SXQ30yTscNbX1iampTRYZKjVPzgIM2x+sfe+O8AtgVYPwPn iqnoHRp8sFYHalP0xcda9kQjmgUadcx7cCC6yzDF+6OKbA8vS2rmviJad12IpozE IEcmXHVxenxSjop9unjmEEc2NlQ11ygHxuDEldrKUFibmtEDFQs9k0cJzFckH4Qq qNTrXolM1XmhrzPru8jl =WSUH -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.