Quick Emulator(Qemu) built with the Rocker switch emulation support is vulnerable to an OOB read access issue. It could occur while performing a DMA access 'TEST_DMA_CTRL_INVERT' test. A privileged guest user could use this issue to crash the Qemu process instance on the host resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
Acknowledgments: Name: PSIRT (Huawei Inc.)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1384898]
CVE assignment: http://seclists.org/oss-sec/2016/q4/141
commit 8caed3d564672e8bc6d2e4c6a35228afd01f4723 Author: Prasad J Pandit <pjp> Date: Wed Oct 12 14:40:55 2016 +0530 net: rocker: set limit to DMA buffer size