Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 619018 (CVE-2017-9310)

Summary: <app-emulation/qemu-2.9.0: net: infinite loop in e1000e NIC emulation
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: boylemic, qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1452620
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-05-20 08:20:22 UTC
From ${URL} :

Qemu emulator built with the e1000e NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing data via transmit or
receive descriptors, provided the initial receive/transmit descriptor
head(TDH/RDH) is set outside the allocated descriptor buffer.

A privileged user inside guest could use this flaw to crash the Qemu instance
resulting in DoS.

Upstream patch:
---------------
  -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2017-06-03 14:32:52 UTC
*** Bug 620306 has been marked as a duplicate of this bug. ***
Comment 2 Matthias Maier gentoo-dev 2017-06-03 15:07:09 UTC
The fix is in upstream commit

  4154c7e03fa55b4cf52509a83d50d6c09d743b77

which was already applied to the 2.9.0 release.


Security, please add to existing GLSA (bug #616874 and others).
Comment 3 Thomas Deutschmann gentoo-dev Security 2017-06-03 15:24:56 UTC
Added to an existing GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 06:50:53 UTC
This issue was resolved and addressed in
 GLSA 201706-03 at https://security.gentoo.org/glsa/201706-03
by GLSA coordinator Yury German (BlueKnight).