Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 593036 (CVE-2016-7156) - <app-emulation/qemu-2.7.0-r1: scsi: pvscsi: infinite loop when building SG list
Summary: <app-emulation/qemu-2.7.0-r1: scsi: pvscsi: infinite loop when building SG list
Status: RESOLVED FIXED
Alias: CVE-2016-7156
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on: CVE-2016-7157
Blocks:
  Show dependency tree
 
Reported: 2016-09-07 09:36 UTC by Agostino Sarubbo
Modified: 2016-09-26 00:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-09-07 09:36:49 UTC
From ${URL} :

Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus 
emulation support is vulnerable to an infinite loop issue. It could occur 
while processing an IO request descriptor, building SG list.

A privileged user inside guest could use this flaw to crash the Qemu process 
resulting in DoS.

Upstream patch:
---------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1373478



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2016-09-09 05:27:15 UTC
Stabilization on bug #593038

commit b28fcd11405545eb2e4973f96823337531eebb08
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Fri Sep 9 00:10:05 2016 -0500

    app-emulation/qemu: fix static-user dep, security patches, bug #593038
    
    This commit resolves
    
      bug #591202
      bug #593024
      bug #593034 CVE-2016-7155
      bug #593036 CVE-2016-7156
      bug #593038 CVE-2016-7157
    
    Package-Manager: portage-2.2.28
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2016-09-25 23:08:41 UTC
Added to an existing GLSA Request.
Cleanup in bug: 593038
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-09-26 00:39:23 UTC
This issue was resolved and addressed in
 GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01
by GLSA coordinator Yury German (BlueKnight).