Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 570110 (CVE-2015-8701)

Summary: <app-emulation/qemu-2.5.0-r1: rocker: fix an incorrect array bounds check (CVE-2015-8701)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa cve cleanup]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-12-29 14:40:27 UTC
From ${URL} :

Qemu emulator built with the Rocker switch emulation support is vulnerable to 
an off-by-one error. It happens while processing transmit(tx) descriptors in 
'tx_consume' routine, if a descriptor was to have more than allowed 
(ROCKER_TX_FRAGS_MAX=16) fragments.

A privileged user inside guest could use this flaw to cause memory leakage on 
the host or crash the Qemu process instance resulting in DoS issue.

Upstream patch:
- ---------------

- ----------

This issue was discovered by Mr Qinghao Tang of Qihoo 360 Inc.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2016-01-18 05:00:26 UTC
fix is in qemu-2.5.0-r1 in the tree now
Comment 2 Agostino Sarubbo gentoo-dev 2016-01-26 15:03:07 UTC
The stabilization happened in bug 571566
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-01-26 19:04:48 UTC
Added to existing GLSA draft
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:35:16 UTC
This issue was resolved and addressed in
 GLSA 201602-01 at
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2016-02-14 17:57:31 UTC
Re-Opening for cleanup. 

Maintainers, the GLSA has been released please clean up the Vulnerable versions.
Comment 6 Doug Goldstein (RETIRED) gentoo-dev 2016-02-15 15:31:35 UTC
Thanks for the report. Fixed in