Quick Emulator(Qemu) built with the LSI SAS1068 Host Bus Adapter emulation support is vulnerable to an infinite loop issue. It could occur while fetching new requests in mptsas_fetch_requests(). A privileged user inside guest could use this flaw to consume excessive host resources or crash the Qemu process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2016/05/24/4
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1339157]
Acknowledgments: Name: Li Qiang (Qihoo 360 Inc.)
CVE assignment via: http://seclists.org/oss-sec/2016/q2/399
qemu-2.6.0-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.