Quick Emulator (Qemu) built with the i8255x (PRO100) NIC emulation support is vulnerable to a memory leakage issue. It could occur while unplugging the device, and doing so repeatedly would result in leaking host memory, affecting other services on the host.

A privileged user inside the guest could use this flaw to cause a DoS on the host and/or potentially crash the Qemu process on the host.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/10/27/14
Acknowledgments: Name: Li Qiang (360.cn Inc.)
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1389539]
CVE assignment: http://seclists.org/oss-sec/2016/q4/277
Not the referenced qemu-devel patch, but I think this was the fix:

commit 2634ab7fe29b3f75d0865b719caf8f310d634aae
Author: Li Qiang <liqiang6-s>
Date:   Sat Oct 8 05:07:25 2016 -0700

    net: eepro100: fix memory leak in device uninit
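
A simplified model of the leak class this report describes, added here as an example and not taken from QEMU or from the commit above: a per-device buffer is allocated at plug time, and the teardown path either forgets it or frees it. Every name in it (`model_nic`, `nic_realize`, `tracked_dup` and the rest) is hypothetical, and the per-instance buffer is an assumption made for illustration.

```c
/* Simplified model of a device-teardown leak. Not QEMU code: every name is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Live allocations stay linked from a global list so they can be counted. */
struct hdr { struct hdr *next; };
static struct hdr *live_head;

static void *tracked_dup(const void *src, size_t n) {
    struct hdr *h = malloc(sizeof *h + n);
    if (!h) abort();
    h->next = live_head;
    live_head = h;
    return memcpy(h + 1, src, n);
}

static void tracked_free(void *p) {
    if (!p) return;
    struct hdr *h = (struct hdr *)p - 1;
    for (struct hdr **pp = &live_head; *pp; pp = &(*pp)->next)
        if (*pp == h) { *pp = h->next; free(h); return; }
}

static long live_count(void) {
    long n = 0;
    for (struct hdr *h = live_head; h; h = h->next) n++;
    return n;
}

struct state_desc { char name[32]; int version; };
static const struct state_desc desc_template = { "model-nic", 3 };
struct model_nic { struct state_desc *desc; };

/* Plug: each instance gets its own heap copy of the template (assumed for the model). */
static void nic_realize(struct model_nic *s) { s->desc = tracked_dup(&desc_template, sizeof desc_template); }
/* Before the fix: teardown drops the pointer, the allocation stays live. */
static void nic_uninit_leaky(struct model_nic *s) { s->desc = NULL; }
/* After the fix: teardown frees what realize allocated. */
static void nic_uninit_fixed(struct model_nic *s) { tracked_free(s->desc); s->desc = NULL; }

/* Repeated plug/unplug; returns how many allocations this run left behind. */
static long run_cycles(int cycles, void (*uninit)(struct model_nic *)) {
    struct model_nic nic;
    long before = live_count();
    for (int i = 0; i < cycles; i++) { nic_realize(&nic); uninit(&nic); }
    return live_count() - before;
}

int main(void) {
    printf("leaky uninit: %ld buffers outstanding\n", run_cycles(1000, nic_uninit_leaky));
    printf("fixed uninit: %ld buffers outstanding\n", run_cycles(1000, nic_uninit_fixed));
    return 0;
}
```

In the model the outstanding count grows by one per unplug with the leaky teardown and stays flat with the fixed one, which is the growth pattern to look for in host-side memory accounting of the emulator process during repeated hot-unplug.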