From ${URL} : Quick Emulator built with the USB OHCI Emulation support is vulnerable to an infinite loop issue. It could occur while processing an endpoint list descriptor in ohci_service_ed_list(). A guest user/process could use this flaw to crash Qemu process resulting in DoS. Upstream patch: --------------- -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1429432 This issue was reported by Li Qiang of 360.cn Inc. 'CVE-2017-6505' allocated via -> http://cveform.mitre.org/ @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2017-6505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6505): The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors.
commit b054426687f5eccea1873b53afed11100ca1eb8d Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Mar 26 22:18:22 2017 -0500 app-emulation/qemu: security patches, bug #612220 CVE-2017-6505, bug #612220 Package-Manager: Portage-2.3.3, Repoman-2.3.2
Corrected Whiteboard. Added to an existing GLSA Request - Since we are writing it up.
This issue was resolved and addressed in GLSA 201704-01 at https://security.gentoo.org/glsa/201704-01 by GLSA coordinator Kristian Fiskerstrand (K_F).
