Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packets smaller than 22 bytes. A privileged(CAP_SYS_RAWIO) guest user could use this flaw to crash the Qemu process instance resulting in DoS. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a7278b36fcab9af469563bd7b Reference: ---------- -> http://www.openwall.com/lists/oss-security/2016/01/04/6
Created attachment 1082030 [details] Patch
RHEL and RHEV QEMU is not affected because it doesn't ship the vmx device.
Statement: This issue does not affect the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, and the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7. This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1295441]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1295440]
qemu-2.4.1-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
qemu-2.3.1-10.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.5.2-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.5.2-7.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.