Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 572412 (CVE-2016-1981) - <app-emulation/qemu-2.5.0-r2: e1000 infinite loop in start_xmit and e1000_receive_iov routines (CVE-2016-1981)
Summary: <app-emulation/qemu-2.5.0-r2: e1000 infinite loop in start_xmit and e1000_rec...
Alias: CVE-2016-1981
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa cve]
Depends on: 578044
  Show dependency tree
Reported: 2016-01-20 08:15 UTC by Agostino Sarubbo
Modified: 2016-04-02 18:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-01-20 08:15:30 UTC
From ${URL} :

Qemu emulator built with the e1000 NIC emulation support is vulnerable to an 
infinite loop issue. It could occur while processing data via transmit or 
receive descriptors, provided the initial receive/transmit descriptor 
head(TDH/RDH) is set outside the allocated descriptor buffer.

A privileged user inside guest could use this flaw to crash the Qemu instance 
resulting in DoS.

Upstream patch
- --------------

- ----------

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 2 SpanKY gentoo-dev 2016-03-23 05:26:00 UTC
this is in qemu-2.5.0-r2 and is fine for stable
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-03-23 06:13:32 UTC
Added to existing GLSA.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2016-04-02 17:18:29 UTC
Clean as part of bug #567420
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-04-02 18:27:45 UTC
This issue was resolved and addressed in
 GLSA 201604-01 at
by GLSA coordinator Yury German (BlueKnight).