oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request Qemu: net: virtio-net possible remote DoS

From: cve-assign () mitre org
Date: Fri, 18 Sep 2015 15:11:09 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Qemu emulator built with the Virtual Network Device(virtio-net) support is
vulnerable to a DoS issue. It could occur while receiving large packets over
the tuntap/macvtap interfaces and when guest's virtio-net driver did not
support big/mergeable receive buffers.

An attacker on the local network could use this flaw to disable guest's
networking by sending a large number of jumbo frames to the guest, exhausting
all receive buffers and thus leading to a DoS situation.

https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html



When packet is truncated during receiving, we drop the packets but
neither discard the descriptor nor add and signal used
descriptor. This will lead several issues:

- sg mappings are leaked
- rx will be stalled if a lots of packets were truncated


Use CVE-2015-7295.

As far as we can tell, "sg mappings are leaked" and "rx will be
stalled" aren't independent problems.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJV/GCUAAoJEL54rhJi8gl5CR0P/3W08SnlO7UG5romkJRFhZUX
MMmoucggrWMmrY1hGq11cODk5DmD53R0WDg5Eu+XfEwEyryHpTk034kJUub3yLOM
ylj+ZatLRWpRw2qofMSyI7wfJHOWbi6XjfzVPsMX1biub1ncIMnt3DYngXlKj4H5
leXdQDbcatxUvuSe7wYwxiFEVsLi0tS9EdlFmjxgQ63iOGqZXI6TL/pkvAeOPx4C
OIbxd2lAfyjtSxPo9NOXoXzlOxSoBm7n1KTD+nwOIVxlkbLQfh63lIycJ6dH717u
nuq1p7Hgd+KwkG6aqjD7iy+B0NLuS1oJj3Yl9P2bxlLjXf3qqieaOjk4AeZoMNXZ
zMx0f8ejWFgO0IP/kknslYcRnV6vvP+bBSmdCDwJZPi/ov82yVtRfIt3CLJ3rifP
Ms3/0sb58x5PITjYurioOJxDSpmXClRgUpahnCKBQijyNyLQF5tih0FSJ7RRqZub
/6cgwOvY6TIJJklZ9I4j/xn2VFbFwkf0ShqWzBIr2QZ3I5zNuwuGNGLE0Z/nGgf/
Pds9nDggKCHEPy96xsnfevbdGwIkNofRpTWwCRe1Qyy4KfM6t8mZ2vL4kjB+8Ngp
vDpulZkDVaLB7FvZ9Gb3SWICeLt2rMq8nQy3vJGKtss8zI2dcwJ6a0H/EP+cVaD8
nPCVm7dzeyUY84OY6uyN
=pwm1
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: