Bug 566792 (CVE-2015-8345) - <app-emulation/qemu-2.4.1-r2: eepro100: infinite loop in processing command block list
Status: RESOLVED FIXED
Alias: CVE-2015-8345
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/1285213
Whiteboard: B3 [glsa cve]
Reported: 2015-11-25 10:54 UTC by Agostino Sarubbo
Modified: 2016-02-04 09:34 UTC

Description Agostino Sarubbo gentoo-dev 2015-11-25 10:54:46 UTC
From ${URL} :

QEMU emulator built with the i8255x (PRO100) emulation support is vulnerable
to an infinite loop issue. It could occur while processing a chain of commands
located in the Command Block List (CBL). Each Command Block (CB) points to the
next command in the list. An infinite loop unfolds if the link to the next
CB points to the same block or there is a closed loop in the chain.

A privileged (CAP_SYS_RAWIO) user inside the guest could use this flaw to crash
the QEMU instance, resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
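
The loop condition described in this report, as an added illustration (not QEMU's code and not the upstream patch): a walker over a simplified Command Block List in simulated guest memory that bounds-checks each link and caps the number of blocks handled per walk. The 8-byte CB layout, the `CB_EL` flag value, the `CB_BUDGET` limit and all function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CB_SIZE   8u        /* simplified CB: status, command, link (assumed) */
#define CB_EL     0x8000u   /* "end of list" flag in the command word (assumed) */
#define CB_BUDGET 64u       /* max CBs handled per walk (arbitrary example value) */

enum cbl_result { CBL_DONE, CBL_BAD_LINK, CBL_BUDGET_EXCEEDED };

/* Write one constructed CB into the simulated guest memory. */
static void cb_put(uint8_t *mem, uint32_t off, uint16_t command, uint32_t link)
{
    uint16_t status = 0;
    memcpy(mem + off, &status, 2);
    memcpy(mem + off + 2, &command, 2);
    memcpy(mem + off + 4, &link, 4);
}

/* Walk the list starting at `off`. Every link is guest-controlled, so it is
 * bounds-checked, and the walk stops after CB_BUDGET blocks no matter what
 * the links say. *handled reports how many CBs were processed. */
static enum cbl_result cbl_walk(const uint8_t *mem, size_t len, uint32_t off,
                                unsigned *handled)
{
    *handled = 0;
    for (unsigned n = 0; n < CB_BUDGET; n++) {
        uint16_t command;
        uint32_t link;
        if (off > len || len - off < CB_SIZE)
            return CBL_BAD_LINK;          /* link points outside memory */
        memcpy(&command, mem + off + 2, 2);
        memcpy(&link, mem + off + 4, 4);
        (*handled)++;                     /* the command would run here */
        if (command & CB_EL)
            return CBL_DONE;              /* list terminated normally */
        off = link;
    }
    return CBL_BUDGET_EXCEEDED;           /* self-link or closed loop */
}

int main(void)
{
    uint8_t mem[32] = {0};
    unsigned handled;
    cb_put(mem, 0, 0, 8);                 /* constructed closed loop: 0 -> 8 -> 0 */
    cb_put(mem, 8, 0, 0);
    printf("result=%d handled=%u\n", cbl_walk(mem, sizeof mem, 0, &handled), handled);
    return 0;
}
```

A fixed budget is used rather than a visited set because the guest can rewrite the list while it is being walked.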
Comment 1 SpanKY gentoo-dev 2015-12-08 03:18:17 UTC
I've added the upstream fixes to 2.4.1-r1:
http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32c4e7044c0a00de9d1a10fc8db207c4fa34dbba

Should be fine to stabilize.
Comment 2 Agostino Sarubbo gentoo-dev 2015-12-18 17:07:43 UTC
Stabilized in another bug.

Cleanup done by vapier.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-12-25 00:37:11 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:34:15 UTC
This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F).