Quick emulator(Qemu) built with the USB xHCI controller emulator support is vulnerable to an infinite recursive call loop issue. It could occur while processing control transfer descriptors' sequence in xhci_kick_epctx. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/06/05/2
Acknowledgments: Name: Li Qiang (Qihoo 360 Gear Team)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1458747]
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Red Hat OpenStack Platform 11.0 (Ocata) Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Red Hat OpenStack Platform 8.0 (Liberty) Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:2408 https://access.redhat.com/errata/RHSA-2017:2408
This issue has been addressed in the following products: RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392