Bugzilla – Bug 1007157
VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite loop while transmit in C+ mode
Last modified: 2022-09-23 08:02:51 UTC
+++ This bug was initially created as a clone of Bug #1006538 +++

Reference: http://seclists.org/oss-sec/2016/q4/223

===================================================
Hello,

Quick Emulator (Qemu) built with the RTL8139 ethernet controller emulation support is vulnerable to an infinite loop issue. It could occur while transmitting packets in C+ mode of operation.

A privileged user inside guest could use this flaw to consume excessive CPU cycles on the host, resulting in DoS situation.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
===================================================
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2016-12-07. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63236
Submissions:
============
SUSE:SLE-12-SP2:Update: 124867
SUSE:SLE-12-SP1:Update: 124868
SUSE:SLE-12:Update: 124869
SUSE:SLE-11-SP4:Update: 124870
SUSE:SLE-11-SP3:Update: 124871
SUSE:SLE-11-SP2:Update: 124872
SUSE:SLE-11-SP1:Update: 124873
SUSE:SLE-11-SP1:Update:Teradata: 124981
SUSE:SLE-10-SP4:Update:Test: 124874
SUSE:SLE-10-SP3:Update:Test: 124875
SUSE-SU-2016:3044-1: An update that fixes 14 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1000893,1003030,1003032,1005004,1005005,1007157,1009100,1009103,1009107,1009109,1009111,1011652,990843
CVE References: CVE-2016-6351,CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-8667,CVE-2016-8669,CVE-2016-8910,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9386,CVE-2016-9637
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src): xen-4.1.6_08-32.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src): xen-4.1.6_08-32.1
SUSE-SU-2016:3067-1: An update that fixes 17 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1003030,1003032,1004981,1005004,1005005,1007157,1007941,1009100,1009103,1009104,1009105,1009107,1009108,1009109,1009111,1011652
CVE References: CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-8667,CVE-2016-8669,CVE-2016-8910,CVE-2016-9377,CVE-2016-9378,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9384,CVE-2016-9385,CVE-2016-9386,CVE-2016-9637
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): xen-4.7.1_02-25.1
SUSE Linux Enterprise Server 12-SP2 (src): xen-4.7.1_02-25.1
SUSE Linux Enterprise Desktop 12-SP2 (src): xen-4.7.1_02-25.1
SUSE-SU-2016:3083-1: An update that fixes 19 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1003030,1003032,1003870,1004016,1005004,1005005,1007157,1007160,1009100,1009103,1009104,1009107,1009108,1009109,1009111,1011652
CVE References: CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-7995,CVE-2016-8576,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9377,CVE-2016-9378,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9385,CVE-2016-9386,CVE-2016-9637
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): xen-4.5.5_02-22.3.1
SUSE Linux Enterprise Server 12-SP1 (src): xen-4.5.5_02-22.3.1
SUSE Linux Enterprise Desktop 12-SP1 (src): xen-4.5.5_02-22.3.1
openSUSE-SU-2016:3134-1: An update that fixes 17 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1003030,1003032,1004981,1005004,1005005,1007157,1007941,1009100,1009103,1009104,1009105,1009107,1009108,1009109,1009111,1011652
CVE References: CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-8667,CVE-2016-8669,CVE-2016-8910,CVE-2016-9377,CVE-2016-9378,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9384,CVE-2016-9385,CVE-2016-9386,CVE-2016-9637
Sources used:
openSUSE Leap 42.2 (src): xen-4.7.1_02-3.1
SUSE-SU-2016:3156-1: An update that fixes 16 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1003030,1003032,1004016,1005004,1005005,1007157,1007160,1009100,1009103,1009104,1009107,1009109,1009111,1011652,953518
CVE References: CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-8576,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9385,CVE-2016-9386,CVE-2016-9637
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src): xen-4.4.4_05-22.25.1
SUSE Linux Enterprise Server 12-LTSS (src): xen-4.4.4_05-22.25.1
SUSE-SU-2016:3174-1: An update that fixes 16 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1000893,1003030,1003032,1004016,1005004,1005005,1007157,1007160,1009100,1009103,1009104,1009107,1009109,1009111,1011652
CVE References: CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-8576,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9385,CVE-2016-9386,CVE-2016-9637
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xen-4.4.4_10-43.5
SUSE Linux Enterprise Server 11-SP4 (src): xen-4.4.4_10-43.5
SUSE Linux Enterprise Debuginfo 11-SP4 (src): xen-4.4.4_10-43.5
released
SUSE-SU-2016:3273-1: An update that fixes 14 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1000893,1003030,1003032,1005004,1005005,1007157,1007160,1009100,1009103,1009107,1009109,1009111,1011652
CVE References: CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9386,CVE-2016-9637
Sources used:
SUSE OpenStack Cloud 5 (src): xen-4.2.5_21-30.1
SUSE Manager Proxy 2.1 (src): xen-4.2.5_21-30.1
SUSE Manager 2.1 (src): xen-4.2.5_21-30.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src): xen-4.2.5_21-30.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): xen-4.2.5_21-30.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_21-30.1
openSUSE-SU-2017:0007-1: An update that fixes 24 vulnerabilities is now available.
Category: security (important)
Bug References: 1000106,1002496,1003030,1003032,1003870,1004016,1005004,1005005,1007157,1007160,1009100,1009103,1009104,1009107,1009108,1009109,1009111,1011652,1012651,1013657,1013668,1014298,1016340
CVE References: CVE-2016-10013,CVE-2016-10024,CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-7995,CVE-2016-8576,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9101,CVE-2016-9377,CVE-2016-9378,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9385,CVE-2016-9386,CVE-2016-9637,CVE-2016-9776,CVE-2016-9932
Sources used:
openSUSE Leap 42.1 (src): xen-4.5.5_06-18.1
openSUSE-SU-2017:0008-1: An update that solves 19 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1000106,1000195,1002496,1003030,1003032,1004016,1005004,1005005,1007157,1007160,1009100,1009103,1009104,1009107,1009109,1009111,1011652,1012651,1014298,1016340,953518
CVE References: CVE-2016-10013,CVE-2016-10024,CVE-2016-7777,CVE-2016-7908,CVE-2016-7909,CVE-2016-8576,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9379,CVE-2016-9380,CVE-2016-9381,CVE-2016-9382,CVE-2016-9383,CVE-2016-9385,CVE-2016-9386,CVE-2016-9637,CVE-2016-9932
Sources used:
openSUSE 13.2 (src): xen-4.4.4_06-58.1
*** Bug 1024178 has been marked as a duplicate of this bug. ***