oss-sec mailing list archives
Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
From: cve-assign () mitre org
Date: Mon, 10 Oct 2016 13:50:12 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could occur while processing USB command ring in 'xhci_ring_fetch'. A privileged user/process inside guest could use this issue to crash the Qemu process on the host leading to DoS. https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
Use CVE-2016-8576. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/usb/hcd-xhci.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX+9QuAAoJEHb/MwWLVhi227sP/j2SzIXfALbHnYVcFBjeESHT cpjqznKkdukL1ETxQrO7VTi+BHkIbWB49Ey0PdvxXCR3cg/oRTE6WozOIefxNEtP O6rinOZTu8Fwubv3h9VDEi7g/qRPkkvaxKDUjyUNLerz5fvBMPubAPlxjgDOJeuu cplrkPTehzHIarXH0GViJ1V0I7f1As1T+PrQvfjP55ZOawefWwj1fJRDjzAuddhZ ggO0hSxk2pz+YjC2NAYcKCQ2uPUNVkJa7CqqwQBvQUMCdmESGUSYrWAnpBd3V5rX rRfvF7w7vHWmgU4XoKxJDHm6nr+l6HECS1uEi5+4N/NDLUhsE6MRKH9/zdJMsMCe jkAydq0lnOTBrB/lyVVBeTbAz5jtZNvIQWPwGVHH5bZjiCb8jJbn8vc8+E5OWSFx UA04ab3p2GjiY4QQIz8jNSlF/JAQzorkmRi3ZTR5jVeMr+Ca/OgkMRvurBI2LZFh HM61RVhU3Ix/ed/24SXQ30yTscNbX1iampTRYZKjVPzgIM2x+sfe+O8AtgVYPwPn iqnoHRp8sFYHalP0xcda9kQjmgUadcx7cCC6yzDF+6OKbA8vS2rmviJad12IpozE IEcmXHVxenxSjop9unjmEEc2NlQ11ygHxuDEldrKUFibmtEDFQs9k0cJzFckH4Qq qNTrXolM1XmhrzPru8jl =WSUH -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch P J P (Oct 10)
- Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch cve-assign (Oct 10)