Bug 1445621 (CVE-2017-8112) - CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2
Summary: CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2
Status: CLOSED NOTABUG
Alias: CVE-2017-8112
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20170425,reported=2...
Keywords: Security
Depends On: 1445622
Blocks: 1326713
TreeView+ depends on / blocked
 
Reported: 2017-04-26 07:13 UTC by Prasad J Pandit
Modified: 2018-01-16 10:25 UTC (History)
40 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2018-01-16 10:25:52 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Prasad J Pandit 2017-04-26 07:13:45 UTC 
Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus
emulation support is vulnerable to an infinite loop issue.
It could occur while initialising SCSI message ring buffer in pvscsi_log2().

A privileged user inside guest could use this flaw to consume host cpu cycles
or crash the Qemu process resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/04/26/5
Comment 1 Prasad J Pandit 2017-04-26 07:14:29 UTC 
Acknowledgments:

Name: Li Qiang (Qihoo 360 Gear Team) YY Z(Researcher)
Comment 2 Prasad J Pandit 2017-04-26 07:15:53 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1445622]
Comment 3 Fedora Update System 2017-07-25 21:25:07 UTC 
qemu-2.7.1-7.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.