
qemu: denial of service

Package(s): qemu
CVE #(s): CVE-2016-1922 CVE-2015-8701
Created: January 25, 2016
Updated: January 27, 2016
Description: From the Red Hat bugzilla:

CVE-2016-1922: Qemu emulator built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference.

A user/process could use this flaw to crash the Qemu instance, resulting in DoS issue.

CVE-2015-8701: Qemu emulator built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments.

A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the Qemu process instance resulting in DoS issue.

Alerts:
SUSE SUSE-SU-2016:1785-1 kvm 2016-07-11
openSUSE openSUSE-SU-2016:1750-1 qemu 2016-07-06
SUSE SUSE-SU-2016:1703-1 qemu 2016-06-29
SUSE SUSE-SU-2016:1698-1 kvm 2016-06-28
Fedora FEDORA-2016-42778e8c82 qemu 2016-01-24
SUSE SUSE-SU-2016:1560-1 qemu 2016-06-13
Mageia MGASA-2016-0176 qemu 2016-05-18
SUSE SUSE-SU-2016:1318-1 xen 2016-05-17
SUSE SUSE-SU-2016:0955-1 xen 2016-04-05
Gentoo 201604-01 qemu 2016-04-02
SUSE SUSE-SU-2016:0873-1 xen 2016-03-24
Fedora FEDORA-2016-38b20aa50f xen 2016-03-19
Fedora FEDORA-2016-f4504e9445 xen 2016-03-20
Debian DSA-3470-1 qemu-kvm 2016-02-08
Debian DSA-3471-1 qemu 2016-02-08
Debian DSA-3469-1 qemu 2016-02-08
Gentoo 201602-01 qemu 2016-02-04
Ubuntu USN-2891-1 qemu, qemu-kvm 2016-02-03
Fedora FEDORA-2016-275e9ff483 qemu 2016-02-02

Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds