Vulnerability CVE-2016-4037: Information
Description
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
Severity: MEDIUM (6.0) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| qemu | sisyphus | 2.6.0-alt1 | 8.2.2-alt3 | ALT-PU-2016-1565-1 | 164723 | Fixed |
| qemu | p10 | 2.6.0-alt1 | 8.2.2-alt0.p10.1 | ALT-PU-2016-1565-1 | 164723 | Fixed |
| qemu | p9 | 2.6.0-alt1 | 5.2.0-alt6 | ALT-PU-2016-1565-1 | 164723 | Fixed |
| qemu | p8 | 2.6.0-alt1 | 2.11.0-alt0.M80P.4 | ALT-PU-2016-1596-1 | 165738 | Fixed |
| qemu | c10f1 | 2.6.0-alt1 | 8.0.4-alt1.p10 | ALT-PU-2016-1565-1 | 164723 | Fixed |
| qemu | c9f2 | 2.6.0-alt1 | 5.2.0-alt6.c9.1 | ALT-PU-2016-1565-1 | 164723 | Fixed |
| qemu | c7 | 2.5.1.1-alt0.M70C.1 | 2.5.1.1-alt0.M70C.5 | ALT-PU-2016-2004-1 | 169626 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| [oss-security] 20160418 Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process |
|
| [qemu-devel] 20160418 [PATCH 1/2] ehci: apply limit to itd/sidt descriptors |
|
| FEDORA-2016-35d7b09908 |
|
| [oss-security] 20160418 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process |
|
| FEDORA-2016-48e72b7bc5 |
|
| [qemu-devel] 20160418 Re: [PATCH 1/2] ehci: apply limit to itd/sidt descriptors |
|
| FEDORA-2016-75063477ca |
|
| USN-2974-1 |
|
| 86283 |
|
| [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update |
|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2 |