oss-sec mailing list archives
Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation
From: cve-assign () mitre org
Date: Fri, 19 Aug 2016 10:14:19 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support, with network abstraction layer is vulnerable to an integer overflow issue. It could occur while initialisation of a new packets in the device. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS. https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
Use CVE-2016-6888. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXtxPMAAoJEHb/MwWLVhi2qbAQALDW9gWAfIs1puoNmVxiPEJa gEP2H+cvJ7x28K4IY1o6F2AFK+W0rLFrnemsD3UhD48Nd0SqsRkZu9zkdlnO/i/l bbQ3N4h1Cnim+6EW5W59mTVCN+mKyC+UOFDXCqB+YYd2YcBJ1V0oLkxKF7sMWN91 fxchTWC+cK8I9UAoHVRIerCds9QA/K1BUGimhkBBuijZ2PCt4InPi8wMSSxyfGh5 Jy7V4tqNHZ2i+s6vR0CQtoIf6D4wUyHY2sombCx5yGiUz9bcPuYlRhQyGNaU2jbq QKcA5Wqvby5Gf4z4BsfrS2AbIjhEiy15oE0YNEuLjUaTHJlZ3vbpziio3YOyX7qZ 0aj8xKcKlVJ9AIJytwSMkmoCiv0J9gMgDoTRxxtgSnVzvLMuZXoBavsiD5+8oDZU j2NEBioYRz+EOYit6eUhh3GRgKY1gIMVHAsWeH6+t8VXEaioQiL2gQEK5+bwitLi W1417UWUfEI0c7XMvLdVVLWtFPPyF5JfWj/c5irpc5SZYwcpyKQ7xJS+kVFSHvlC 1j/BNWhZhsR4gBB/Etw/SwBSia7Y5zJoHlZuFeUUxAV5ijvS4sGfFWEO4QBRE37m 97XWGYUA0wl3j2BqneI66hQzBt9E3yvKQ/5VFoWwRXDdQMy2I5j887OD4sOFbp2h l/dyBnupm8bwaOhskqL+ =n7LW -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation P J P (Aug 19)
- Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation cve-assign (Aug 19)