qemu: three vulnerabilities
| Package(s): | qemu | CVE #(s): | CVE-2016-7466 CVE-2016-8576 CVE-2016-7995 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 19, 2016 | Updated: | October 26, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Red Hat bugzilla:
CVE-2016-7466: Quick Emulator(Qemu) built with the USB xHCI controller emulation support is vulnerable to a memory leakage issue. It could occur while doing a USB device unplug operation; Doing so repeatedly would result in leaking host memory, affecting other services on the host. A privileged user inside guest could use this flaw to cause a DoS on the host and/or potentially crash the Qemu process instance on the host. CVE-2016-8576: Quick Emulator(Qemu) built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could occur while processing USB command ring in 'xhci_ring_fetch'. A privileged user/process inside guest could use this issue to crash the Qemu process on the host leading to DoS. CVE-2016-7995: Qemu emulator(Qemu) built with the USB EHCI emulation support is vulnerable to a memory leakage flaw. It could occur while processing isochronous transfer descriptors(iTD), with buffer page select(PG) index that falls beyond buffer page array area. A privileged user inside guest could use this flaw to leak Qemu memory bytes leading to a DoS on the host. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||