|
Message-ID: <719af3cbbf8c4f269e61de4a0cbf6ac5@imshyb02.MITRE.ORG> Date: Fri, 2 Dec 2016 13:02:57 -0500 From: <cve-assign@...re.org> To: <ppandit@...hat.com> CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>, <wjjzhang@...cent.com> Subject: Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Quick Emulator(Qemu) built with the ColdFire Fast Ethernet Controller emulator > support is vulnerable to an infinite loop issue. It could occur while > receiving packets in 'mcf_fec_receive'. > > A privileged user/process inside guest could use this issue to crash the Qemu > process on the host leading to DoS. > > https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html > https://bugzilla.redhat.com/show_bug.cgi?id=1400829 Use CVE-2016-9776. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/net/mcf_fec.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYQbZDAAoJEHb/MwWLVhi2FGEP/jcbuXN9KtIlf6ff6wzQYoLv +Vtqvl6S1/VSnjDKKm0ikKlnnN/jZtoh8dzO3inGFDruTxom+pJKAKcp+G30qaIy G10mDBVeq0VzHvfJaFm63moPTkjvVGkapQKbpzuO+4xA3NESAhXc8TcAGyrm6CwB RbjjFomICR1dwoLIlASTxxJDmh37BjAmI3zXJ14QcHER8TDb8NIQ0V8ROGD+inHp yiRIt/3bQC/rEdkJETPCPFrogLFx/vjo9NKmxechzELPGTJ4CsvQumeAcwV3eEzO CIgKY24n93PJFBZww/Y6NWK7JxVclQjMz78saBMaKOPmtf6JHyDf5he4mUJB7zwN bpydPJFVLbgH/vd07APXgdoeoYY3uwxS3rE5vFDHjiJX8J6StvziUqLBZ+4RVo7V 4ZKNVyQ1sWIERTgSZoTxxj2Vauvl53ETI7cmSqV+dVHWshPAOP3Bsm9x6jbNDma8 hLkxiU+VhKqLZvfj9luyEdVCUnRDAqwPknnngjVPlZl67rD4o5ZKSyYx+fDV6Kqa 98TgAH0oC6SeyZ9I+YbSnCqmADX/xUDC3rmo9Ghux/1E9m3kApuW9geBwhcryOd3 RLljnzk3by19XCD10osVi0WplkvOCHvwHWzClzgbA/L6WMnrTSV8lNzipXD8rm/7 rAVDMdwKS6qXIq7RSrBE =hUvr -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.