Bug 1327626

Summary: Qemu: timer: a9gtimer: Infinite loop unfolds when updating a9gtimer
Product: [Other] Security Response
Component: vulnerability
Status: CLOSED UPSTREAM
Severity: low
Priority: low
Version: unspecified
Hardware: All
OS: Linux
Keywords: Security
Doc Type: Bug Fix
Reporter: Adam Mariš <amaris>
Assignee: Red Hat Product Security <security-response-team>
CC: abaron, ailan, alonbl, aortega, apevec, areis, ayoung, bmcclain, chrisw, dallan, dblechte, drjones, eedri, gklein, gkotton, imammedo, jen, jschluet, knoel, lhh, lpeer, markmc, mgoldboi, michal.skrivanek, mkenneth, mrezanin, mst, pbonzini, ppandit, rbalakri, rbryant, rkrcmar, sclewis, security-response-team, sherold, srevivo, tdecacqu, vkuznets, ykaul, ylavi
Last Closed: 2017-02-07 07:16:56 UTC
Bug Depends On: 1388300, 1388301
Bug Blocks: 1326713

Description Adam Mariš 2016-04-15 13:46:16 UTC
Quick Emulator (Qemu) built with the peripheral timer block for ARM A9MP emulator support is vulnerable to an infinite loop issue. It could occur while updating the a9gtimer in 'a9_gtimer_update'.

A privileged user inside the guest could use this flaw to consume excessive CPU cycles on the host, resulting in DoS.

Upstream patch:
---------------
  -> git.qemu.org/?p=qemu.git;a=commit;h=6be8f5e2626e102433e569d9cece2120baf0c879
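
Added illustration (editor's example, not code from this bug or from QEMU's hw/timer/a9gtimer.c): a minimal model of the bug class the description points at, where a device-update routine advances a guest-controlled comparator in a loop until it catches up with the free-running counter. The register layout (comparator, increment, auto-increment control bit), the zero-increment trigger and the LOOP_CAP used to make the pre-fix variant terminate are all assumptions for the purpose of the demonstration; the real trigger and fix are in the upstream commit linked above. The point for a practitioner: any loop whose step size comes from a guest-writable register must either be bounded or replaced by closed-form arithmetic, because a guest can always choose the one value that makes it spin.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed per-CPU comparator state (a simplification, not QEMU's A9GTimerPerCPU). */
typedef struct {
    uint64_t compare;   /* guest-writable comparator value */
    uint32_t inc;       /* guest-writable auto-increment step */
    bool     auto_inc;  /* guest-writable control bit enabling auto-increment */
} gtimer_cpu_t;

/* Iteration cap so the pre-fix variant can be run safely here; the real
 * unbounded loop would never return for inc == 0. */
#define LOOP_CAP 1000000L

gtimer_cpu_t make_cpu(uint64_t compare, uint32_t inc, bool auto_inc)
{
    gtimer_cpu_t t = { compare, inc, auto_inc };
    return t;
}

/* Pre-fix pattern: step the comparator forward until it is no longer behind
 * the counter. Returns the iteration count, or -1 if LOOP_CAP was exceeded,
 * which is exactly what a guest-chosen inc of 0 produces: compare never
 * changes, so the condition never becomes false. */
long catch_up_looped(gtimer_cpu_t *t, uint64_t counter)
{
    long iters = 0;
    if (!t->auto_inc) {
        return 0;
    }
    while (t->compare < counter) {
        if (++iters > LOOP_CAP) {
            return -1;  /* would spin forever on the host without the cap */
        }
        t->compare += t->inc;
    }
    return iters;
}

/* Hardened variant: reject a zero step (treat it as "auto-increment off")
 * and compute the catch-up in O(1) instead of looping, so no guest-supplied
 * value can control how long the host spends in the update path.
 * Returns true if the comparator was (or already was) caught up. */
bool catch_up_closed_form(gtimer_cpu_t *t, uint64_t counter)
{
    if (!t->auto_inc || t->inc == 0) {
        return false;
    }
    if (t->compare >= counter) {
        return true;
    }
    uint64_t behind = counter - t->compare;
    uint64_t steps  = (behind + t->inc - 1) / t->inc;  /* ceil(behind / inc) */
    t->compare += steps * t->inc;                      /* same result as the loop */
    return true;
}

int main(void)
{
    /* Constructed scenario: comparator 10, counter 100, guest wrote inc = 0. */
    gtimer_cpu_t bad = make_cpu(10, 0, true);
    printf("looped, inc=0: %ld (-1 means the loop never terminated)\n",
           catch_up_looped(&bad, 100));

    gtimer_cpu_t good = make_cpu(10, 0, true);
    printf("closed-form, inc=0: handled=%d compare=%llu\n",
           catch_up_closed_form(&good, 100), (unsigned long long)good.compare);

    /* Benign case: inc = 7 behaves identically in both variants. */
    gtimer_cpu_t a = make_cpu(10, 7, true), b = make_cpu(10, 7, true);
    printf("looped, inc=7: iters=%ld compare=%llu\n",
           catch_up_looped(&a, 100), (unsigned long long)a.compare);
    catch_up_closed_form(&b, 100);
    printf("closed-form, inc=7: compare=%llu\n", (unsigned long long)b.compare);
    return 0;
}
```

Note the two independent defences in the hardened variant: the explicit `inc == 0` check closes the specific trigger, and the closed-form computation removes the loop altogether, so a future change to the register model cannot reintroduce a guest-bounded iteration count.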

Comment 1 Adam Mariš 2016-04-15 13:46:41 UTC
Acknowledgments:

Name: Li Qiang (Qihoo 360, Inc.)

Comment 3 Prasad J Pandit 2016-10-25 05:16:35 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1388301]

Comment 4 Prasad J Pandit 2016-10-25 05:16:50 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1388300]