oss-sec mailing list archives
CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS
From: P J P <ppandit () redhat com>
Date: Mon, 14 Dec 2015 20:40:29 +0530 (IST)
Hello,

Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interface (EHCI) and a respective device driver. These two communicate via an isochronous transfer descriptor list (iTD) and an infinite loop unfolds if there is a closed loop in this list.

A privileged user inside guest could use this flaw to consume excessive CPU cycles & resources on the host.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html

This issue was discovered by Qinghao Tang of QIHU 360 Marvel Team.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
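
Added example, not part of the original message and not QEMU's code or the upstream fix: a simplified model of walking a guest-written descriptor list, showing how a per-pass budget stops a closed loop from spinning the host. The struct layout, LINK_TERMINATE, MAX_HOPS and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define LINK_TERMINATE 0xFFFFFFFFu  /* assumed end-of-list marker */
#define MAX_HOPS 16u                /* assumed per-pass descriptor budget */

struct desc {
    uint32_t next;     /* guest-written link: index of the next descriptor */
    uint32_t payload;  /* stands in for the transfer fields */
};

enum walk_result { WALK_DONE, WALK_BUDGET_EXHAUSTED, WALK_BAD_LINK };

/* Walk guest-controlled links without trusting the list to terminate. */
enum walk_result walk_descriptors(const struct desc *mem, size_t n,
                                  uint32_t head, unsigned *processed)
{
    uint32_t cur = head;
    *processed = 0;
    while (cur != LINK_TERMINATE) {
        if (cur >= n)
            return WALK_BAD_LINK;          /* link points outside the table */
        if (*processed == MAX_HOPS)
            return WALK_BUDGET_EXHAUSTED;  /* closed loop or oversized list */
        (*processed)++;                    /* transfer would be handled here */
        cur = mem[cur].next;
    }
    return WALK_DONE;
}

/* Constructed input: 0 -> 1 -> 2 -> 0, a closed loop with no terminator. */
enum walk_result demo_closed_loop(unsigned *processed)
{
    const struct desc mem[3] = { {1, 0xA}, {2, 0xB}, {0, 0xC} };
    return walk_descriptors(mem, 3, 0, processed);
}

/* Constructed input: 0 -> 1 -> 2 -> end, a well-formed list. */
enum walk_result demo_terminated(unsigned *processed)
{
    const struct desc mem[3] = { {1, 0xA}, {2, 0xB}, {LINK_TERMINATE, 0xC} };
    return walk_descriptors(mem, 3, 0, processed);
}

int main(void)
{
    unsigned n;
    enum walk_result r = demo_closed_loop(&n);
    printf("closed loop: result=%d processed=%u\n", (int)r, n);
    return 0;
}
```

Without the MAX_HOPS check, the closed-loop input keeps the while loop running for as long as the guest leaves the links in place.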