Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 619018 (CVE-2017-9310) - <app-emulation/qemu-2.9.0: net: infinite loop in e1000e NIC emulation
Summary: <app-emulation/qemu-2.9.0: net: infinite loop in e1000e NIC emulation
Status: RESOLVED FIXED
Alias: CVE-2017-9310
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa cve]
Keywords:
: 620306 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-05-20 08:20 UTC by Agostino Sarubbo
Modified: 2017-06-06 06:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-05-20 08:20:22 UTC
From ${URL} :

Qemu emulator built with the e1000e NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing data via transmit or
receive descriptors, provided the initial receive/transmit descriptor
head(TDH/RDH) is set outside the allocated descriptor buffer.

A privileged user inside guest could use this flaw to crash the Qemu instance
resulting in DoS.

Upstream patch:
---------------
  -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2017-06-03 14:32:52 UTC
*** Bug 620306 has been marked as a duplicate of this bug. ***
Comment 2 Matthias Maier gentoo-dev 2017-06-03 15:07:09 UTC
The fix is in upstream commit

  4154c7e03fa55b4cf52509a83d50d6c09d743b77

which was already applied to the 2.9.0 release.


Security, please add to existing GLSA (bug #616874 and others).
Comment 3 Thomas Deutschmann gentoo-dev Security 2017-06-03 15:24:56 UTC
Added to an existing GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 06:50:53 UTC
This issue was resolved and addressed in
 GLSA 201706-03 at https://security.gentoo.org/glsa/201706-03
by GLSA coordinator Yury German (BlueKnight).