| Summary: | <app-emulation/qemu-2.5.0-r1: incorrect l2 header validation leads to a crash (CVE-2015-8744) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2016/01/04/3 | ||
| Whiteboard: | B3 [glsa cve cleanup] | ||
| Package list: | Runtime testing required: | --- | |
this is included in the 2.5.0 release in the tree. no plans to backport to 2.4. The stabilization happened in bug 571566 CVE-2015-8744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8744): A reachable-assertion flaw was found in the QEMU emulator built with VMWARE-VMXNET3 paravirtualized NIC emulator support. The flaw occurs if a guest sends a Layer-2 packet that was smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could exploit this flaw to crash the QEMU process instance, resulting in denial of service. Added to existing GLSA draft This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packets smaller than 22 bytes. A privileged(CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu process instance resulting in DoS. Upstream patch: - --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a7278b36fcab9af469563bd7b Reference: - ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1270871 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.