Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 580426

Summary: app-emulation/qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2016-04-18 13:28:54 UTC
From ${URL} :

Qemu emulator built with the USB EHCI emulation support is vulnerable to an
infinite loop issue. It occurs during communication between host controller interface(EHCI) and a respective device driver. These two communicate via a split isochronous transfer descriptor list(siTD) and an infinite loop unfolds if there is a closed loop in this 

A privileges used inside guest could use this flaw to consume excessive CPU cycles & resources on the host.

This issue is similar to CVE-2015-8558, but using siTD instead of iTD.

Upstream patch:


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2016-04-23 20:30:50 UTC
the referenced fix requires the fix for bug 568246 to be reverted.  since we didn't do that, the security issue isn't exposed.

they landed the change to fix behavior on FreeBSD, so i'll add what went into master (the revert+update).

*** This bug has been marked as a duplicate of bug 568246 ***