Bug 1024182 - VUL-0: CVE-2016-9776: xen: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive
VUL-0: CVE-2016-9776: xen: net: mcf_fec: infinite loop while receiving data i...
Status: RESOLVED DUPLICATE of bug 1013657
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Charles Arnold
Security Team bot
:
Depends on: 101328
Blocks:
  Show dependency treegraph
 
Reported: 2017-02-08 02:12 UTC by Johannes Segitz
Modified: 2017-02-09 03:22 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-02-08 02:12:27 UTC
+++ This bug was initially created as a clone of Bug #1013285 +++

Reference: http://seclists.org/oss-sec/2016/q4/563
====================================================
  Hello,

Quick Emulator(Qemu) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'.


A privileged user/process inside guest could use this issue to crash the Qemu process on the host leading to DoS.


Upstream patch
--------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1400829

This issue was reported by Wjjzhang of Tencent.com.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
====================================================
Comment 1 Charles Arnold 2017-02-08 20:25:26 UTC
Same CVE-2016-9776 as bsc#1013657

*** This bug has been marked as a duplicate of bug 1013657 ***