Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 571562 (CVE-2015-8744) - <app-emulation/qemu-2.5.0-r1: incorrect l2 header validation leads to a crash (CVE-2015-8744)
Summary: <app-emulation/qemu-2.5.0-r1: incorrect l2 header validation leads to a crash...
Status: RESOLVED FIXED
Alias: CVE-2015-8744
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-11 16:59 UTC by Agostino Sarubbo
Modified: 2016-02-04 09:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-01-11 16:59:27 UTC
From ${URL} :

Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is 
vulnerable to crash issue. It occurs when a guest sends a Layer-2 packets 
smaller than 22 bytes.

A privileged(CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu 
process instance resulting in DoS.

Upstream patch:
- ---------------
   -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a7278b36fcab9af469563bd7b

Reference:
- ----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1270871



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2016-01-18 04:36:09 UTC
this is included in the 2.5.0 release in the tree.  no plans to backport to 2.4.
Comment 2 Agostino Sarubbo gentoo-dev 2016-01-26 15:03:20 UTC
The stabilization happened in bug 571566
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-01-26 19:09:42 UTC
CVE-2015-8744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8744):
  A reachable-assertion flaw was found in the QEMU emulator built with
  VMWARE-VMXNET3 paravirtualized NIC emulator support. The flaw occurs if a
  guest sends a Layer-2 packet that was smaller than 22 bytes. A privileged
  (CAP_SYS_RAWIO) guest user could exploit this flaw to crash the QEMU process
  instance, resulting in denial of service.
Comment 4 Kristian Fiskerstrand gentoo-dev Security 2016-01-26 19:10:02 UTC
Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:35:31 UTC
This issue was resolved and addressed in
 GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01
by GLSA coordinator Kristian Fiskerstrand (K_F).