Re: CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is
> vulnerable to crash issue. It occurs when a guest sends a Layer-2 packets
> smaller than 22 bytes.
>
> A privileged(CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu
> process instance resulting in DoS.
>
> http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48
> https://bugzilla.redhat.com/show_bug.cgi?id=1270871

> > 'tx_pkt->packet_type' hasn't been assigned for such packets, and
> > 'vmxnet3_on_tx_done_update_stats()' expects it to be properly set.

Use CVE-2015-8744.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWiqQOAAoJEL54rhJi8gl58u0QAJHr+J/tR96tT+LyDMUQWhaP
Si58acKWZEkk9nV55TwaS6uJw0VriHu1QRB7gtU5VYWNPI6rRZk3sc52hoKJyLe9
GA1c4bvCekExsnUOIIV5MNcqa2o53uQCRfhtcfNTVwSn31tgmJud5PT3xIuJH5z6
cDR94YqJGdrOGbCxm7CH9NlGLQsy8cCXzMcCezkGogGxv16jg614PWjwOEvemEgT
Fbc03MHFquCULWF5QD0ZU0TIoFXQcS6KGtc2kvCmUEu6uPH+8NIUdj0bAOu47Yje
wzzOFf/dIoa0zO3trrSa1qznFlK/kyWmF2Ls3qZgojrc1IP79yCl9Q9ZoIE6NzF2
p8zzMoabvC8SzoRlCg2pJjJkmAyJR/bNbgw523/rvSz9q+6QzEtkYnNE26brITb3
v7GIJlfT9W+qrylm5nu01bb0U42E+uB/lA+M8s1ZpjPjQps2tUufr/XE/EGqdJvB
Za+tNNVPZeFGOEYIBYSrdhdKQQOkBLA0p7Ebcf8ZnHrPFEF7v14yRBgnlywf2kHD
wK6y91YEji25WjIIQQgmgaXmixUcwzS+y52ET0gEKcAO07IYKnOUexd+fMV2YBEW
aAC0Ch2xpR6bBn3SJye5avUIbML7B1M4VQlpSUZwn46DFir5dqHf0ssdYasO+DBU
eF6FHB0afcV5gGrTIozR
=O+Vj
-----END PGP SIGNATURE-----