Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Qemu emulator built with the USB EHCI emulation support is vulnerable to an
> infinite loop issue. It occurs during communication between host controller
> interface(EHCI) and a respective device driver. These two communicate via a
> split isochronous transfer descriptor list(siTD) and an infinite loop unfolds
> if there is a closed loop in this list.
>
> A privileged user inside guest could use this flaw to consume excessive CPU
> cycles & resources on the host.
>
> This issue is similar to CVE-2015-8558, but using siTD instead of iTD.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1325129
> https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html

Use CVE-2016-4037.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/usb/hcd-ehci.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXFQCaAAoJEHb/MwWLVhi2nh0P/iCA8MRdrSfpTjtl3f3Y33KQ
dS2Kl9K4SeLoSTlo2AsO2+SfW72MW8fvKqOocfsOjIyGfh4rTvU+SxVMM2j4VnmL
/JQtfsrbyuHXjFrnwUdrd8OjMVsjbJVJkjE1kk+DZrI9xaQZjA0VlAvypYJi05Sd
uu1k5rN/jjFFvPx7ZgfVDVra+OgqGmrdxgpWpdcwdA+TTXXn9yPwTZBkFbDYB+cn
v4jlQPnd2aofX6TK0BCl1y3QGHMMwTJfjy5PGicmTFd1a3zmGbV64dnRKvyqZrr3
HqXrXAwVMonStMvTjCi4L4QegP0t/Z86b9MbVCpt0Uk7dpwu/cAl3OoPxFB5hogY
q0Na34hkDSbtWMmcCUKCJqatnRsC7C30FwzXVfA7+hWWs05mFHWVzgt5qqaIigr0
KelHweWIwPUONmlSDTjY9+bqZhvkmtSqjradkKcEJ79llf64Ztl9GR9vV5fg8HXy
rnxxVufTMXNAUeygbbul9zGv1bmUJiGGUAAxZVpjJZxKgr7ASSG9P0QOQ+BKWjAg
j/uy5cTYVoso+9hsq40DNvDUxSYGm1S/FWuLzSxYveT00PyoMEQZMsTw8TpNY4ua
/qBrIIVgUccZY9MSWHGB/0gGM1Fxz+LLsOEEX1LhRQk76z7u2gPSthoEh7AzMTYY
cCsXHG7ryKLkktIUUu6i
=NDYf
-----END PGP SIGNATURE-----