Re: CVE Request Qemu: net: e1000 infinite loop issue

[Qinghao Tang <luodalongde () gmail com>]

Can you disclosure this
vulneralbility officially claiming that me of the discoverer since it
will influence my KPI? Thanks.
( Qinghao Tang(tangqinghao () 360 cn) from QIHU 360  company )

2015-09-06 0:11 GMT+08:00 <cve-assign () mitre org>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> > Qemu emulator built with the e1000 NIC emulation support is vulnerable
> to an
> > infinite loop issue. It could occur while processing transmit descriptor
> data
> > when sending a network packet.
> >
> > A privileged user inside guest could use this flaw to crash the Qemu
> instance
> > resulting in DoS.
>
> > https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
> >
> > [The guest can force 'bytes' to 0 by setting the hdr_len and mss
> > descriptor fields to 0.
>
> Use CVE-2015-6815.
>
> (not yet available at
> http://git.qemu.org/?p=qemu.git;a=history;f=hw/net/e1000.c)
>
> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJV6xP0AAoJEL54rhJi8gl5ZzIP/1DtazmDcZVyDAR0BysUdj4E
> /9Jp/RYt5iKmJ7AkYNQQDZs2C6HZ4uOQ7rVcU9zVk+9Z5WmECZ8lwrD/d1FSN6kI
> ZhpbyfkKxlFmMldKMRdYi+I/WUXYfLGiE99KiB0OaSMlH8DzWJmNDlnEAc250enO
> AQkMs7S5qLlZ0nGn0wFNIsw0mgLMNu+L62zvZ37FhISJrMdjgToNFkKMs6AjVgvB
> AsgoCsjO3V9Pxtu8RQ61iX4C33FbQv5DbYv6M+0IBffkpEb8j8nzeYwGBUFIdAfM
> +TEGMUqY5rMLRArvf+Dern5M9RuK/NUl/xtpyy1HpQJl00JAmo8xRd2H7tjQlV9y
> tWB1zhSKU6Ilr0YRPv6ZQ0I7nBoB0BiaslpObVSyKckmxOGPb6FB0UXgF/fuUBKQ
> AIOsKLdxmqqpNIwlL9jwNOURMNVlEelJqkwfoXJRk2ri8AXuJsoDQgodhTv59lBK
> HDWw2+jP12PwDDpvxHbPR1HmyeRVJBuXty73AXHki1gCtjdBYLyX6zoEMiFo56Gp
> mwmTK9IyavHxeLpkCop8XRVsKiI2JvLucXW2Epjw2DbkoaKVDyJUP7IGJAgHQdD6
> nQcT4rm37YvPG1Zgbo5Hvvtr1qe7WlLqujTFduSVqC5LCo/3JzoqKFakjII0zhzz
> Za83YKAaEH3eFasIiUrO
> =8f0T
> -----END PGP SIGNATURE-----