Bug 1933827

Summary: QEMU: net: rtl8139: stack overflow induced by infinite recursion issue
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: berrange, cfergeau, jen, jferlan, jforbes, jmaloy, knoel, m.a.young, mkenneth, mrezanin, mst, ondrejj, pbonzini, philmd, ribarry, rjones, robinlee.sysu, virt-maint, virt-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-04 16:55:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1933828, 1933829    
Bug Blocks: 1933831, 1933837    

Description Guilherme de Almeida Suckevicz 2021-03-01 19:58:07 UTC 
A flaw was found in QEMU. A stack-overflow induced by infinite recursion issue in rtl8139 emulator could lead to DoS.

References:
https://bugs.launchpad.net/qemu/+bug/1910826
https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00010.html
Comment 1 Guilherme de Almeida Suckevicz 2021-03-01 19:58:36 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1933829]


Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1933828]
Comment 2 Prasad Pandit 2021-03-02 10:05:53 UTC 
Hello Guilherme,

> https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00010.html
> The CVE-2021-3419 has been assigned for this issue.

* We need to reject/cancel this CVE assignment.

* Because above single patch and many other similar patches are being
  merged upstream via its original series below

  CVE-2021-3416 QEMU: net: infinite loop in loopback mode may lead to stack overflow
   -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-3416
   -> https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00392.html

* This series was already assigned CVE-ID => CVE-2021-3416.

* We don't want two(or multiple) CVE-IDs for the same issue/series.

* Please kindly reject/cancel this CVE => CVE-2021-3419.

Thank you.
Comment 3 Guilherme de Almeida Suckevicz 2021-03-02 12:50:31 UTC 
Hi PJP,

CVE-2021-3419 rejected, Mitre was notified and the CVE-2021-3419 page should be marked as rejected/duplicated soon.
Also, removed CVE-2021-3419 from alias.

Thank you.
Comment 4 Mauro Matteo Cascella 2021-03-04 16:55:25 UTC 

*** This bug has been marked as a duplicate of bug 1932827 ***
Comment 5 Mauro Matteo Cascella 2021-03-04 16:57:30 UTC 
Statement:

This flaw was found to be a duplicate of CVE-2021-3416. Please see https://access.redhat.com/security/cve/CVE-2021-3416 for information about affected products and security errata.