[Secure-testing-team] Bug#809230: CVE-2015-8558: usb: infinite loop in ehci_advance_state results in DoS
Michael Tokarev
mjt at tls.msk.ru
Mon Dec 28 15:00:35 UTC 2015
Source: qemu
Version: 0.14+dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream pending
CVE-2015-8558 has been reported against qemu usb ehci emulated device.
http://www.openwall.com/lists/oss-security/2015/12/14/9 :
Qemu emulator built with the USB EHCI emulation support is vulnerable to an
infinite loop issue. It occurs during communication between the host controller
interface (EHCI) and a respective device driver. These two communicate via an
isochronous transfer descriptor list (iTD), and an infinite loop unfolds if
there is a closed loop in this list.
A privileged user inside the guest could use this flaw to consume excessive CPU
cycles & resources on the host.
Reporting it as existing in version 0.14 of qemu (this is where the ehci device
has been introduced).
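To illustrate the failure mode described above, here is an added example (not QEMU's code, and not the upstream patch) that walks a simplified, constructed iTD-style linked list the way a bounded emulator would: it keeps a visited bitmap to detect a closed loop and a hop cap as a second guard. The `itd_t` struct, the `MAX_HOPS` value and the error codes are assumptions for the example, not EHCI or QEMU definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified stand-in for an EHCI iTD: only the "next link
 * pointer" matters here. Bit 0 plays the role of the EHCI terminate (T) bit;
 * the remaining bits hold the next descriptor, encoded as an array index. */
#define ITD_TERMINATE 0x1u
#define MAX_ITDS      8
#define MAX_HOPS      64   /* assumed per-frame cap, not a value from the spec */

typedef struct { uint32_t next; } itd_t;

enum { ITD_WALK_BAD_PTR = -1, ITD_WALK_LOOP = -2, ITD_WALK_TOO_LONG = -3 };

/* Walk the chain from `start`. Returns the number of descriptors visited,
 * or a negative code: a link outside the table, a descriptor seen twice
 * (the closed loop that makes an unbounded walker spin forever), or the
 * hop cap being exhausted before a terminate bit is reached. */
int walk_itd_list(const itd_t *list, size_t n, uint32_t start) {
    uint64_t seen = 0;            /* bitmap of visited indices, n <= 64 */
    int visited = 0;
    uint32_t link = start;
    while (!(link & ITD_TERMINATE)) {
        uint32_t idx = link >> 1;
        if (idx >= n || idx >= 64) return ITD_WALK_BAD_PTR;
        if (seen & ((uint64_t)1 << idx)) return ITD_WALK_LOOP;
        if (visited >= MAX_HOPS) return ITD_WALK_TOO_LONG;
        seen |= (uint64_t)1 << idx;
        visited++;
        link = list[idx].next;
    }
    return visited;
}

/* Constructed sample lists; link encoding is (index << 1) | terminate. */
static const itd_t good_list[MAX_ITDS] = {
    { .next = 1u << 1 }, { .next = 2u << 1 }, { .next = ITD_TERMINATE },
};
static const itd_t looped_list[MAX_ITDS] = {
    { .next = 1u << 1 }, { .next = 2u << 1 }, { .next = 0u << 1 }, /* 2 -> 0 */
};

int main(void) {
    printf("good list: %d\n", walk_itd_list(good_list, MAX_ITDS, 0));
    printf("looped list: %d\n", walk_itd_list(looped_list, MAX_ITDS, 0));
    return 0;
}
```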