| Summary: | <app-emulation/qemu-2.9.0: usb: xhci infinite recursive call via xhci_kick_ep | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1458744 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
This commit is already in upstream version 2.9.0. GLSA Vote: No |
From ${URL} : Quick emulator(Qemu) built with the USB xHCI controller emulator support is vulnerable to an infinite recursive call loop issue. It could occur while processing control transfer descriptors' sequence in xhci_kick_epctx. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/06/05/2 @security: please check if this issue needs a GLSA.