
Bug 593036 (CVE-2016-7156)

Summary: <app-emulation/qemu-2.7.0-r1: scsi: pvscsi: infinite loop when building SG list
Product: Gentoo Security
Component: Vulnerabilities
Status: RESOLVED FIXED
Severity: minor
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2016/09/06/3
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---
Reporter: Agostino Sarubbo <ago>
Assignee: Gentoo Security <security>
CC: qemu+disabled
Bug Depends on: 593038
Bug Blocks:

Description Agostino Sarubbo gentoo-dev 2016-09-07 09:36:49 UTC
From ${URL} :

Quick Emulator (Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus
emulation support is vulnerable to an infinite loop issue. It could occur
while processing an IO request descriptor, building an SG list.

A privileged user inside the guest could use this flaw to crash the Qemu process,
resulting in DoS.

Upstream patch:
---------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1373478



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
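The report above only says that building the SG list can loop forever; it does not describe the mechanism. The following is an added illustration, not code from QEMU or from this bug, of the defensive pattern that stops such a loop: a guest-controlled scatter/gather walk that is bounded by an explicit element cap rather than only by the remaining transfer length. The element layout, the toy guest memory, the cap value MAX_SG_ELEM and the failure inputs (zero-length elements, a self-referencing chain) are all constructed for the example; the real device model lives in QEMU's hw/scsi/pvscsi.c and is not reproduced here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a PVSCSI-style SG element. A guest fills pages of
 * these; an element with SG_CHAIN set has addr pointing at the next page
 * of elements instead of at data. Simplified, not QEMU's real layout. */
#define SG_CHAIN     0x1
#define MAX_SG_ELEM  16   /* cap chosen for this example, not the upstream value */

typedef struct {
    uint64_t addr;    /* guest address of data, or of the next element page */
    uint32_t length;  /* bytes of data described by this element */
    uint32_t flags;
} SgElem;

/* Toy guest memory: an element's address is an index into this table. */
#define GUEST_ELEMS 32
SgElem guest_mem[GUEST_ELEMS];
uint64_t last_total;  /* bytes accumulated by the most recent walk */

/* Read one element from "guest memory"; rejects out-of-range addresses. */
int guest_read_elem(uint64_t addr, SgElem *out) {
    if (addr >= GUEST_ELEMS) return -1;
    *out = guest_mem[addr];
    return 0;
}

/* Walk the guest SG list until `resid` (remaining transfer bytes) is consumed.
 * Returns the number of elements visited, or -1 for a malformed list.
 * A loop bounded only by resid never terminates when the guest supplies
 * zero-length elements or a chain that points back at itself (assumed
 * failure modes for this example); the element cap guarantees termination. */
int build_sg_list(uint64_t list_addr, uint32_t resid) {
    uint64_t cur = list_addr;
    uint64_t total = 0;
    int elems = 0;

    while (resid > 0) {
        if (elems >= MAX_SG_ELEM) return -1;   /* hardening: bounded walk */
        SgElem e;
        if (guest_read_elem(cur, &e) < 0) return -1;
        elems++;
        if (e.flags & SG_CHAIN) {
            cur = e.addr;                       /* jump to next element page */
            continue;
        }
        uint32_t chunk = e.length < resid ? e.length : resid;
        total += chunk;
        resid -= chunk;
        cur++;
    }
    last_total = total;
    return elems;
}

/* Benign list: three elements covering exactly 2048 bytes. */
int demo_benign(void) {
    memset(guest_mem, 0, sizeof guest_mem);
    guest_mem[0] = (SgElem){ .addr = 0x10000, .length = 512,  .flags = 0 };
    guest_mem[1] = (SgElem){ .addr = 0x20000, .length = 512,  .flags = 0 };
    guest_mem[2] = (SgElem){ .addr = 0x30000, .length = 1024, .flags = 0 };
    return build_sg_list(0, 2048);
}

/* Hostile list: every element has length 0, so resid never decreases. */
int demo_zero_length(void) {
    memset(guest_mem, 0, sizeof guest_mem);
    return build_sg_list(0, 2048);
}

/* Hostile list: the first element chains back to itself. */
int demo_self_chain(void) {
    memset(guest_mem, 0, sizeof guest_mem);
    guest_mem[0] = (SgElem){ .addr = 0, .length = 0, .flags = SG_CHAIN };
    return build_sg_list(0, 2048);
}

int main(void) {
    printf("benign:      %d elements, %llu bytes\n", demo_benign(),
           (unsigned long long)last_total);
    printf("zero-length: %d (rejected at cap)\n", demo_zero_length());
    printf("self-chain:  %d (rejected at cap)\n", demo_self_chain());
    return 0;
}
```

The point of the cap is that correctness of the loop no longer depends on the guest behaving: whatever the descriptor contents, the walk performs at most MAX_SG_ELEM reads before returning an error that the device model can report back as a failed request instead of hanging the emulator thread.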
Comment 1 Matthias Maier gentoo-dev 2016-09-09 05:27:15 UTC
Stabilization on bug #593038

commit b28fcd11405545eb2e4973f96823337531eebb08
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Fri Sep 9 00:10:05 2016 -0500

    app-emulation/qemu: fix static-user dep, security patches, bug #593038
    
    This commit resolves
    
      bug #591202
      bug #593024
      bug #593034 CVE-2016-7155
      bug #593036 CVE-2016-7156
      bug #593038 CVE-2016-7157
    
    Package-Manager: portage-2.2.28
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2016-09-25 23:08:41 UTC
Added to an existing GLSA Request.
Cleanup in bug: 593038
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-09-26 00:39:23 UTC
This issue was resolved and addressed in
 GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01
by GLSA coordinator Yury German (BlueKnight).