Bug 1298570 - (CVE-2016-1981) CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20160119,reported=2...
: Security
: 1329604 1332106 (view as bug list)
Depends On: 1296044 1299995 1299996 1304999
Blocks: 1298572 1326713
  Show dependency treegraph
 
Reported: 2016-01-14 07:59 EST by Adam Mariš
Modified: 2018-01-16 05:24 EST (History)
35 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-01-16 05:24:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (1.67 KB, patch)
2016-01-14 08:01 EST, Adam Mariš
no flags Details | Diff

  None (edit)
Description Adam Mariš 2016-01-14 07:59:40 EST
Qemu emulator built with the e1000 NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing data via transmit or
receive descriptors, provided the initial receive/transmit descriptor
head(TDH/RDH) is set outside the allocated descriptor buffer.

A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS.

Upstream patch
--------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/01/22/1
Comment 1 Adam Mariš 2016-01-14 08:01 EST
Created attachment 1114796 [details]
Proposed patch
Comment 2 Prasad J Pandit 2016-01-19 12:13:11 EST
Statement: 

This issue affects the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.

This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7.

This issue affects the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

This issue affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

This has been rated as having Low security impact and is not currently
planned to be addressed in future updates. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.
Comment 3 Prasad J Pandit 2016-01-19 12:21:31 EST
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1299996]
Comment 4 Prasad J Pandit 2016-01-19 12:21:50 EST
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1299995]
Comment 7 Fedora Update System 2016-02-21 07:58:34 EST
qemu-2.4.1-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2016-02-21 11:19:14 EST
qemu-2.4.1-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2016-02-21 11:25:14 EST
qemu-2.4.1-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2016-02-25 03:51:36 EST
qemu-2.3.1-12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2016-03-19 17:22:37 EDT
xen-4.5.2-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2016-03-19 22:26:30 EDT
xen-4.5.2-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 13 Prasad J Pandit 2016-10-03 07:33:31 EDT
*** Bug 1329604 has been marked as a duplicate of this bug. ***
Comment 14 errata-xmlrpc 2016-11-03 16:09:14 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2585 https://rhn.redhat.com/errata/RHSA-2016-2585.html
Comment 16 Prasad J Pandit 2017-02-07 13:10:11 EST
*** Bug 1332106 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.