Back to bug 1298570
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-14 12:59:40 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-14 12:59:40 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-01-14 13:07:34 UTC | Blocks | 1298572 | |
| Adam Mariš | 2016-01-14 13:09:31 UTC | Depends On | 1296044 | |
| Prasad Pandit | 2016-01-19 17:13:11 UTC | CC | prasad | |
| Doc Text | Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head(TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS. | |||
| Whiteboard | impact=moderate,public=no,reported=20160113,source=redhat,cvss2=4.9/AV:N/AC:M/Au:S/C:N/I:P/A:P,rhel-5/kvm=new,rhel-6/qemu-kvm=new,rhel-6/qemu-kvm-rhev=new,rhel-7/qemu-kvm=new,rhel-7/qemu-kvm-rhev=new,openstack-5/qemu-kvm-rhev=new,openstack-6/qemu-kvm-rhev=new,openstack-7/qemu-kvm-rhev=new,openstack-8/qemu-kvm-rhev=new,rhev-m-3/qemu-kvm-rhev=new,fedora-all/qemu=affected,epel-all/qemu=affected | impact=low,public=20160119,reported=20160113,source=redhat,cwe=CWE-835,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontifx,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontifx,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | ||
| Prasad Pandit | 2016-01-19 17:18:09 UTC | Whiteboard | impact=low,public=20160119,reported=20160113,source=redhat,cwe=CWE-835,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontifx,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontifx,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | impact=low,public=20160119,reported=20160113,source=redhat,cwe=CWE-835,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected |
| Prasad Pandit | 2016-01-19 17:18:40 UTC | Summary | EMBARGOED qemu-kvm: Infinite loop and out-of-bounds transfer start in start_xmit() and e1000_receive_iov() | qemu-kvm: Infinite loop and out-of-bounds transfer start in start_xmit() and e1000_receive_iov() |
| Prasad Pandit | 2016-01-19 17:18:49 UTC | Group | security, qe_staff | |
| Prasad Pandit | 2016-01-19 17:20:52 UTC | Depends On | 1299995 | |
| Prasad Pandit | 2016-01-19 17:21:12 UTC | Depends On | 1299996 | |
| Prasad Pandit | 2016-01-19 17:22:48 UTC | Summary | qemu-kvm: Infinite loop and out-of-bounds transfer start in start_xmit() and e1000_receive_iov() | Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines |
| Salvatore Bonaccorso | 2016-01-19 19:08:07 UTC | CC | carnil | |
| Adam Mariš | 2016-01-20 11:52:42 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Andrej Nemec | 2016-01-22 07:47:53 UTC | Alias | CVE-2016-1981 | |
| Andrej Nemec | 2016-01-22 07:48:05 UTC | Summary | Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines | CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines |
| Prasad Pandit | 2016-02-05 09:42:25 UTC | Depends On | 1304999 | |
| Summer Long | 2016-03-13 23:22:56 UTC | CC | slong | |
| Doc Text | Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head(TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS. | An infinite-loop flaw was found in the QEMU emulator built with e1000 NIC emulation support. The flaw could occur while processing data using transmit or receive descriptors, provided the initial receive/transmit descriptor head(TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service). | ||
| John Skeoch | 2016-04-18 07:40:47 UTC | CC | yeylon | srevivo |
| Perry Myers | 2016-04-19 01:19:05 UTC | CC | pmyers | |
| Prasad Pandit | 2016-10-03 11:33:31 UTC | Blocks | 1326713 | |
| Tomas Hoger | 2016-10-31 21:41:02 UTC | Doc Text | An infinite-loop flaw was found in the QEMU emulator built with e1000 NIC emulation support. The flaw could occur while processing data using transmit or receive descriptors, provided the initial receive/transmit descriptor head(TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service). | An infinite-loop flaw was found in the QEMU emulator built with e1000 NIC emulation support. The flaw could occur while processing data using transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) was set outside the allocated descriptor buffer. A privileged user inside a guest could use this flaw to crash the QEMU instance. |
| Whiteboard | impact=low,public=20160119,reported=20160113,source=redhat,cwe=CWE-835,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | impact=low,public=20160119,reported=20160113,source=redhat,cwe=CWE-835,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | ||
| Martin Prpič | 2016-11-01 12:37:43 UTC | Doc Text | An infinite-loop flaw was found in the QEMU emulator built with e1000 NIC emulation support. The flaw could occur while processing data using transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) was set outside the allocated descriptor buffer. A privileged user inside a guest could use this flaw to crash the QEMU instance. | An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance. |
| Scott Herold | 2017-09-12 15:33:07 UTC | CC | sherold | |
| Joshua Padman | 2018-01-16 10:24:17 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Whiteboard | impact=low,public=20160119,reported=20160113,source=redhat,cwe=CWE-835,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | impact=low,public=20160119,reported=20160113,source=redhat,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cwe=CWE-835,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | ||
| Last Closed | 2018-01-16 05:24:17 UTC | |||
| Gil Klein | 2019-04-28 13:07:39 UTC | CC | gklein | |
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=low,public=20160119,reported=20160113,source=redhat,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cwe=CWE-835,rhel-5/kvm=wontfix,rhel-5/xen=wontfix,rhel-6/qemu-kvm=wontfix,rhel-6/qemu-kvm-rhev=wontfix,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected |
Back to bug 1298570