Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 612220 (CVE-2017-6505) - <app-emulation/qemu-2.8.0-r8: usb: an infinite loop issue in ohci_service_ed_list (CVE-2017-6505)
Summary: <app-emulation/qemu-2.8.0-r8: usb: an infinite loop issue in ohci_service_ed_...
Status: RESOLVED FIXED
Alias: CVE-2017-6505
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on: CVE-2016-9602
Blocks:
  Show dependency tree
 
Reported: 2017-03-10 16:28 UTC by Agostino Sarubbo
Modified: 2017-04-10 21:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-03-10 16:28:16 UTC
From ${URL} :

Quick Emulator built with the USB OHCI Emulation support is vulnerable to an 
infinite loop issue. It could occur while processing an endpoint list 
descriptor in ohci_service_ed_list().

A guest user/process could use this flaw to crash Qemu process resulting in 
DoS.

Upstream patch:
---------------
   -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1429432

This issue was reported by Li Qiang of 360.cn Inc.

'CVE-2017-6505' allocated via -> http://cveform.mitre.org/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-03-19 13:57:05 UTC
CVE-2017-6505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6505):
  The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick
  Emulator) allows local guest OS users to cause a denial of service (infinite
  loop) via vectors involving the number of link endpoint list descriptors.
Comment 2 Matthias Maier gentoo-dev 2017-03-27 04:05:08 UTC
commit b054426687f5eccea1873b53afed11100ca1eb8d
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sun Mar 26 22:18:22 2017 -0500

    app-emulation/qemu: security patches, bug #612220
    
      CVE-2017-6505, bug #612220
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.2
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2017-03-28 04:21:05 UTC
Corrected Whiteboard. 
Added to an existing GLSA Request - Since we are writing it up.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-04-10 21:28:02 UTC
This issue was resolved and addressed in
 GLSA 201704-01 at https://security.gentoo.org/glsa/201704-01
by GLSA coordinator Kristian Fiskerstrand (K_F).