Bug 1024182 - VUL-0: CVE-2016-9776: xen: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive
VUL-0: CVE-2016-9776: xen: net: mcf_fec: infinite loop while receiving data i...
Status: RESOLVED DUPLICATE of bug 1013657
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P5 - None : Normal
: ---
Assigned To: Charles Arnold
Security Team bot
Depends on: 101328
  Show dependency treegraph
Reported: 2017-02-08 02:12 UTC by Johannes Segitz
Modified: 2017-02-09 03:22 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-02-08 02:12:27 UTC
+++ This bug was initially created as a clone of Bug #1013285 +++

Reference: http://seclists.org/oss-sec/2016/q4/563

Quick Emulator(Qemu) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'.

A privileged user/process inside guest could use this issue to crash the Qemu process on the host leading to DoS.

Upstream patch
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html

  -> https://bugzilla.redhat.com/show_bug.cgi?id=1400829

This issue was reported by Wjjzhang of Tencent.com.

Thank you.
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Comment 1 Charles Arnold 2017-02-08 20:25:26 UTC
Same CVE-2016-9776 as bsc#1013657

*** This bug has been marked as a duplicate of bug 1013657 ***