oss-sec mailing list archives
Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list
From: cve-assign () mitre org
Date: Wed, 25 Nov 2015 12:57:31 -0500 (EST)
Qemu emulator built with the i8255x (PRO100) emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List (CBL). Each Command Block (CB) points to the next command in the list. An infinite loop unfolds if the link to the next CB points to the same block or there is a closed loop in the chain.

A privileged (CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS.

https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html

hw/net/eepro100.c action_command
This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/net/eepro100.c but that may be an expected place for a later update.

eepro100.c mentions "Portions of the code are copies from ... linux e100.c" at the top. We have not researched this, but it appears that this QEMU vulnerability is not present in http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/intel/e100.c and thus we don't see any indication that the Linux kernel is another affected product.

Use CVE-2015-8345.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
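The condition described in the message (a next-CB link that points back to the same block, or a closed loop in the chain) can be reproduced on a simplified model. The following is an added example, not QEMU's code and not the upstream fix. The `struct cb` layout, the `el` end-of-list flag, the `walk_cbl` helper and the `CBL_MAX_STEPS` budget are assumptions made for illustration. It shows a list walker over guest-controlled links that gives up after a fixed number of steps instead of spinning.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified, hypothetical command block; not QEMU's structure. */
struct cb {
    uint32_t link; /* guest-controlled index of the next block */
    int el;        /* end-of-list flag: stop after this block */
};

#define CBL_MAX_STEPS 64 /* assumed per-invocation budget */

/*
 * Walk a command block list that lives in guest-controlled memory.
 * Returns the number of blocks processed, or -1 when the list is
 * rejected: a link outside the region, or the budget running out,
 * which is what a self-link or a closed loop ends in.
 */
int walk_cbl(const struct cb *mem, size_t nblocks, uint32_t start)
{
    uint32_t cur = start;
    int steps = 0;

    for (;;) {
        if (cur >= nblocks)
            return -1; /* link points outside the region */
        if (steps >= CBL_MAX_STEPS)
            return -1; /* cycle or over-long chain: stop, do not spin */
        steps++;       /* the command would be executed here */
        if (mem[cur].el)
            return steps; /* well-formed end of list */
        cur = mem[cur].link;
    }
}

/* Constructed sample lists. */
const struct cb good_list[] = { {1, 0}, {2, 0}, {0, 1} };
const struct cb self_link[] = { {0, 0} };
const struct cb closed_loop[] = { {1, 0}, {2, 0}, {0, 0} };
const struct cb wild_link[] = { {7, 0} };

int main(void)
{
    printf("good=%d self=%d loop=%d wild=%d\n",
           walk_cbl(good_list, 3, 0), walk_cbl(self_link, 1, 0),
           walk_cbl(closed_loop, 3, 0), walk_cbl(wild_link, 1, 0));
    return 0;
}
```

Without the step budget, the `self_link` and `closed_loop` inputs never reach a block with `el` set, so the walker would never return.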
Current thread:
- CVE request Qemu: net: eepro100: infinite loop in processing command block list P J P (Nov 25)
- Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list cve-assign (Nov 25)