FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerabilities in eepro100 NIC support

Affected packages
qemu < 2.5.50
qemu-devel < 2.5.50
qemu-sbruno < 2.5.50.g20160213
qemu-user-static < 2.5.50.g20160213

Details

VuXML ID b56fe6bb-b1b1-11e5-9728-002590263bf5
Discovery 2015-10-16
Entry 2016-01-03
Modified 2016-07-06

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the i8255x (PRO100) emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List (CBL). Each Command Block (CB) points to the next command in the list. An infinite loop unfolds if the link to the next CB points to the same block or there is a closed loop in the chain.

A privileged (CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS.
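
The failure mode in the report above, as an added example that is not part of the advisory or of QEMU's source: a simplified C model of a command block list walk that bounds the number of CBs processed per start, so a self-linked CB or a closed loop ends the walk instead of spinning. The struct layout, `CB_EL`, `MAX_CB_WALK`, the index-based links and the `walk_cbl`/`demo` helpers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not QEMU code. Assumptions: "guest memory" is an array
 * of command blocks, a link is an index into it, and CB_EL / MAX_CB_WALK
 * are hypothetical values chosen for this example. */
#define CB_EL       0x8000u  /* end-of-list flag in the command word */
#define MAX_CB_WALK 16u      /* CBs processed per start before giving up */

struct cmd_block { uint16_t command; uint32_t link; /* guest-controlled */ };
enum { WALK_DONE = 0, WALK_BAD_LINK = -1, WALK_BUDGET = -2 };

/* Follow the chain from 'start'. A fixed budget bounds the work whatever
 * the links contain, and still holds if the guest rewrites a link while
 * the walk is in progress. */
int walk_cbl(const struct cmd_block *mem, size_t n, uint32_t start, unsigned *done)
{
    uint32_t cur = start;
    for (*done = 0; *done < MAX_CB_WALK; ) {
        if (cur >= n)
            return WALK_BAD_LINK;      /* link points outside the list */
        (*done)++;                     /* "execute" this CB */
        if (mem[cur].command & CB_EL)
            return WALK_DONE;
        cur = mem[cur].link;
    }
    return WALK_BUDGET;                /* self-link or closed loop */
}

/* Constructed sample chains: 0 = well-formed, 1 = CB linking to itself,
 * 2 = closed loop 0 -> 1 -> 2 -> 0, 3 = link out of range. */
int demo(int kind, unsigned *done)
{
    struct cmd_block mem[3] = { {1, 1}, {1, 2}, {1 | CB_EL, 0} };
    if (kind == 1) mem[0].link = 0;
    if (kind == 2) mem[2].command = 1;
    if (kind == 3) mem[1].link = 99;
    return walk_cbl(mem, 3, 0, done);
}

int main(void)
{
    for (int k = 0; k < 4; k++) {
        unsigned done; int r = demo(k, &done);
        printf("chain %d: result %d after %u CBs\n", k, r, done);
    }
    return 0;
}
```

Without the budget check, chains 1 and 2 would never reach an end-of-list flag and the walk would not return.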

References

CVE Name CVE-2015-8345
FreeBSD PR ports/205813
FreeBSD PR ports/205814
URL http://git.qemu.org/?p=qemu.git;a=commit;h=00837731d254908a841d69298a4f9f077babaf24
URL http://www.openwall.com/lists/oss-security/2015/11/25/3
URL https://github.com/seanbruno/qemu-bsd-user/commit/00837731d254908a841d69298a4f9f077babaf24
URL https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html