Bug 1298570 (CVE-2016-1981) - CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
Summary: CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_...
Status: CLOSED ERRATA
Alias: CVE-2016-1981
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20160119,reported=2...
Keywords: Security
: 1329604 1332106 (view as bug list)
Depends On: 1296044 1299995 1299996 1304999
Blocks: 1298572 1326713
TreeView+ depends on / blocked
 
Reported: 2016-01-14 12:59 UTC by Adam Mariš
Modified: 2019-06-08 20:56 UTC (History)
34 users (show)

(edit)
An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance.
Clone Of:
(edit)
Last Closed: 2018-01-16 10:24:17 UTC


Attachments (Terms of Use)
Proposed patch (1.67 KB, patch)
2016-01-14 13:01 UTC, Adam Mariš
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2585 normal SHIPPED_LIVE Moderate: qemu-kvm security, bug fix, and enhancement update 2016-11-03 12:09:03 UTC

Description Adam Mariš 2016-01-14 12:59:40 UTC
Qemu emulator built with the e1000 NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing data via transmit or
receive descriptors, provided the initial receive/transmit descriptor
head(TDH/RDH) is set outside the allocated descriptor buffer.

A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS.

Upstream patch
--------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/01/22/1

Comment 1 Adam Mariš 2016-01-14 13:01 UTC
Created attachment 1114796 [details]
Proposed patch

Comment 2 Prasad J Pandit 2016-01-19 17:13:11 UTC
Statement: 

This issue affects the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.

This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7.

This issue affects the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

This issue affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

This has been rated as having Low security impact and is not currently
planned to be addressed in future updates. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.

Comment 3 Prasad J Pandit 2016-01-19 17:21:31 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1299996]

Comment 4 Prasad J Pandit 2016-01-19 17:21:50 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1299995]

Comment 7 Fedora Update System 2016-02-21 12:58:34 UTC
qemu-2.4.1-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2016-02-21 16:19:14 UTC
qemu-2.4.1-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2016-02-21 16:25:14 UTC
qemu-2.4.1-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2016-02-25 08:51:36 UTC
qemu-2.3.1-12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2016-03-19 21:22:37 UTC
xen-4.5.2-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2016-03-20 02:26:30 UTC
xen-4.5.2-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 13 Prasad J Pandit 2016-10-03 11:33:31 UTC
*** Bug 1329604 has been marked as a duplicate of this bug. ***

Comment 14 errata-xmlrpc 2016-11-03 20:09:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2585 https://rhn.redhat.com/errata/RHSA-2016-2585.html

Comment 16 Prasad J Pandit 2017-02-07 18:10:11 UTC
*** Bug 1332106 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.