Back to bug 1303120

Who When What Removed Added
Adam Mariš 2016-01-29 15:42:13 UTC CC security-response-team
Red Hat Bugzilla 2016-01-29 15:42:13 UTC Doc Type --- Bug Fix
Adam Mariš 2016-01-29 16:11:40 UTC Summary EMBARGOED qemu: Integer overflow in usb module causin memory leak and DoS EMBARGOED qemu: Integer overflow in usb module causing memory leak and DoS
Adam Mariš 2016-01-29 16:12:18 UTC Blocks 1303107
Prasad Pandit 2016-02-09 09:41:26 UTC Blocks 1305799
Prasad Pandit 2016-02-09 09:42:23 UTC Blocks 1303107
Prasad Pandit 2016-02-09 10:13:40 UTC Comment 2 is private 1 0
Priority medium low
CC prasad
Doc Text Qemu emulator built with the USB Net device emulation support is vulnerable to an integer overflow issue. It could occur while processing remote NDIS control message packets. As the incoming informationBufferOffset & Length combination could cross the integer range. A privileged user inside guest could use this flaw to leak host memory bytes to guest or crash the Qemu process instance resulting in DoS.
Whiteboard impact=moderate,public=no,reported=20160129,source=researcher,cvss2=5.8/AV:A/AC:M/Au:S/C:P/I:N/A:C,cwe=CWE-190,rhel-5/kvm=new,rhel-5/xen=new,rhel-6/qemu-kvm=new,rhel-6/qemu-kvm-rhev=new,rhel-7/qemu-kvm=new,rhel-7/qemu-kvm-rhev=new,openstack-5/qemu-kvm-rhev=new,openstack-6/qemu-kvm-rhev=new,openstack-7/qemu-kvm-rhev=new,openstack-8/qemu-kvm-rhev=new,rhev-m-3/qemu-kvm-rhev=new,fedora-all/qemu=affected,fedora-all/xen=affected impact=low,public=20160205,reported=20160129,source=researcher,cvss2=3.8/AV:A/AC:M/Au:S/C:P/I:N/A:P,cwe=CWE-190,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-6/qemu-kvm-rhev=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected
Severity medium low
Prasad Pandit 2016-02-09 10:15:34 UTC Summary EMBARGOED qemu: Integer overflow in usb module causing memory leak and DoS qemu: Integer overflow in usb module causing memory leak and DoS
Prasad Pandit 2016-02-09 10:15:43 UTC Group security, qe_staff
Prasad Pandit 2016-02-09 10:16:06 UTC Depends On 1305815
Prasad Pandit 2016-02-09 10:16:24 UTC Depends On 1305816
Prasad Pandit 2016-02-09 10:20:16 UTC Summary qemu: Integer overflow in usb module causing memory leak and DoS Qemu: usb: integer overflow in remote NDIS control message handling
Prasad Pandit 2016-02-23 17:15:28 UTC Alias CVE-2016-2538
Prasad Pandit 2016-02-23 17:15:42 UTC Summary Qemu: usb: integer overflow in remote NDIS control message handling CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling
Summer Long 2016-03-13 23:19:15 UTC CC slong
Doc Text Qemu emulator built with the USB Net device emulation support is vulnerable to an integer overflow issue. It could occur while processing remote NDIS control message packets. As the incoming informationBufferOffset & Length combination could cross the integer range. A privileged user inside guest could use this flaw to leak host memory bytes to guest or crash the Qemu process instance resulting in DoS. An integer-overflow issue was found in the QEMU emulator built with USB Net device emulation support. The flaw could occur while processing remote NDIS control message packets because the incoming informationBufferOffset & Length combination could cross the integer range. A privileged user inside a guest could use this flaw to leak host memory bytes to the guest, or crash the QEMU process instance (denial of service).
John Skeoch 2016-04-18 07:33:52 UTC CC yeylon srevivo
Perry Myers 2016-04-19 00:58:57 UTC CC pmyers
Garth Mollett 2017-07-31 22:42:58 UTC CC cvsbot-xmlrpc, jjoyce, kbasil, virt-maint
Whiteboard impact=low,public=20160205,reported=20160129,source=researcher,cvss2=3.8/AV:A/AC:M/Au:S/C:P/I:N/A:P,cwe=CWE-190,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-6/qemu-kvm-rhev=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected impact=low,public=20160205,reported=20160129,source=researcher,cvss2=3.8/AV:A/AC:M/Au:S/C:P/I:N/A:P,cwe=CWE-190,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-6/qemu-kvm-rhev=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=notaffected,openstack-6/qemu-kvm-rhev=notaffected,openstack-7/qemu-kvm-rhev=notaffected,openstack-8/qemu-kvm-rhev=notaffected,fedora-all/qemu=affected,fedora-all/xen=affected
Adam Young 2017-08-01 02:35:31 UTC CC ayoung
Scott Herold 2017-09-12 15:27:28 UTC CC sherold
PnT Account Manager 2018-01-30 23:55:42 UTC CC aortega
PnT Account Manager 2018-07-18 14:48:41 UTC CC rbalakri
PnT Account Manager 2018-11-05 22:42:27 UTC CC ylavi
Gil Klein 2019-04-14 12:59:54 UTC CC gklein
Product Security DevOps Team 2019-06-08 02:48:03 UTC Status NEW CLOSED
Resolution --- WONTFIX
Last Closed 2019-06-08 02:48:03 UTC
Product Security DevOps Team 2019-09-29 13:43:28 UTC Whiteboard impact=low,public=20160205,reported=20160129,source=researcher,cvss2=3.8/AV:A/AC:M/Au:S/C:P/I:N/A:P,cwe=CWE-190,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-6/qemu-kvm-rhev=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=notaffected,openstack-6/qemu-kvm-rhev=notaffected,openstack-7/qemu-kvm-rhev=notaffected,openstack-8/qemu-kvm-rhev=notaffected,fedora-all/qemu=affected,fedora-all/xen=affected
Ondrej Soukup 2021-06-01 14:49:03 UTC CC osoukup