Bug 571564 (CVE-2015-8745) - <app-emulation/qemu-2.5.0-r1: net: vmxnet3: reading IMR registers leads to a crash (CVE-2015-8745)
Status: RESOLVED FIXED
Alias: CVE-2015-8745
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa cve cleanup]
Reported: 2016-01-11 17:01 UTC by Agostino Sarubbo
Modified: 2016-02-04 09:35 UTC

Description Agostino Sarubbo gentoo-dev 2016-01-11 17:01:14 UTC
From ${URL} :

Qemu emulator built with VMWARE VMXNET3 paravirtual NIC emulator support is 
vulnerable to a crash issue. It could occur while reading Interrupt Mask 
Registers (IMR).

A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu 
process instance, resulting in DoS.

Upstream patch:
---------------
   -> http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1270876
Comment 1 SpanKY gentoo-dev 2016-01-18 04:36:40 UTC
This is included in the 2.5.0 release in the tree. No plans to backport to 2.4.
Comment 2 Agostino Sarubbo gentoo-dev 2016-01-26 15:03:17 UTC
The stabilization happened in bug 571566
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-01-26 19:08:01 UTC
CVE-2015-8745 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8745):
  A reachable-assertion flaw was found in the QEMU emulator built with
  VMWARE-VMXNET3 paravirtualized NIC emulator support. The flaw could occur
  while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO)
  guest user could exploit this flaw to crash the QEMU process instance,
  resulting in denial of service.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-01-26 19:08:23 UTC
Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:35:39 UTC
This issue was resolved and addressed in
 GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01
by GLSA coordinator Kristian Fiskerstrand (K_F).