| Summary: | <app-emulation/qemu-2.7.0-r1: scsi: pvscsi: infinite loop when building SG list | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2016/09/06/3 | ||
| Whiteboard: | B3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 593038 | ||
| Bug Blocks: | |||
Stabilization on bug #593038 commit b28fcd11405545eb2e4973f96823337531eebb08 Author: Matthias Maier <tamiko@gentoo.org> Date: Fri Sep 9 00:10:05 2016 -0500 app-emulation/qemu: fix static-user dep, security patches, bug #593038 This commit resolves bug #591202 bug #593024 bug #593034 CVE-2016-7155 bug #593036 CVE-2016-7156 bug #593038 CVE-2016-7157 Package-Manager: portage-2.2.28 Added to an existing GLSA Request. Cleanup in bug: 593038 This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight). |
From ${URL} : Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus emulation support is vulnerable to an infinite loop issue. It could occur while processing an IO request descriptor, building SG list. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1373478 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.