Bugzilla – Bug 993854
VUL-1: CVE-2016-6490: xen: Qemu: virtio: infinite loop in virtqueue_pop
Last modified: 2016-08-16 14:07:26 UTC
(xen copy of the qemu bug)
+++ This bug was initially created as a clone of Bug #991466 +++
Quoting from RH BZ:
Quick emulator (Qemu) built with the virtio framework is vulnerable to an
infinite loop issue. It could occur if the guest were to set the I/O descriptor
buffer length to be zero. A privileged user inside the guest could use this flaw
to potentially crash the Qemu instance on the host, resulting in DoS.
None of our Xen versions seems to have the affected code, as it was only added in very new Qemu versions.
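The quoted description names the failure mode (a guest-supplied descriptor length of zero driving a host-side loop that never terminates) without showing what a hardened descriptor walk has to do about it. The block below is an added illustration, not Qemu's virtqueue_pop and not the upstream fix: a toy virtqueue descriptor chain walker in which every field read from the table is treated as guest-controlled. It rejects zero-length buffers, bounds-checks the next index, and caps the number of descriptors visited at the queue size so a cyclic chain cannot loop forever. The descriptor layout follows the virtio ring format; the sample tables, function names and result codes are constructed here for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define VRING_DESC_F_NEXT  1   /* chain continues at ->next */
#define VRING_DESC_F_WRITE 2   /* device writes into this buffer */

/* Guest-visible descriptor, same field order as the virtio ring format. */
struct vring_desc {
    uint64_t addr;
    uint32_t len;
    uint16_t flags;
    uint16_t next;
};

/* Outcome of a chain walk (constructed for this example). */
enum walk_result {
    WALK_OK = 0,
    WALK_ERR_ZERO_LEN,   /* guest set a descriptor length of 0 */
    WALK_ERR_LOOP,       /* more descriptors than the queue holds: a cycle */
    WALK_ERR_INDEX       /* next index outside the descriptor table */
};

/* Walk the chain starting at head. All of table[] is guest memory and is
 * treated as hostile: lengths, flags and indices are validated before use,
 * and the loop is bounded by queue_size so it terminates for any input. */
enum walk_result walk_chain(const struct vring_desc *table, uint16_t queue_size,
                            uint16_t head, size_t *total_len, unsigned *ndesc)
{
    unsigned visited = 0;
    size_t total = 0;
    uint16_t i = head;

    for (;;) {
        if (i >= queue_size)
            return WALK_ERR_INDEX;
        if (visited++ >= queue_size)          /* a valid chain never exceeds queue_size */
            return WALK_ERR_LOOP;
        if (table[i].len == 0)                /* the class of input described in the bug */
            return WALK_ERR_ZERO_LEN;
        total += table[i].len;
        if (!(table[i].flags & VRING_DESC_F_NEXT))
            break;
        i = table[i].next;
    }
    *total_len = total;
    *ndesc = visited;
    return WALK_OK;
}

/* Constructed sample descriptor tables (not captured from any real guest). */
static const struct vring_desc good_table[4] = {
    { 0x1000, 512,  VRING_DESC_F_NEXT,  1 },
    { 0x2000, 1024, VRING_DESC_F_NEXT,  2 },
    { 0x3000, 16,   VRING_DESC_F_WRITE, 0 },
    { 0,      0,    0,                  0 },
};
static const struct vring_desc zero_len_table[2] = {
    { 0x1000, 512, VRING_DESC_F_NEXT,  1 },
    { 0x2000, 0,   VRING_DESC_F_WRITE, 0 },   /* guest set len = 0 */
};
static const struct vring_desc cyclic_table[2] = {
    { 0x1000, 512, VRING_DESC_F_NEXT, 1 },
    { 0x2000, 512, VRING_DESC_F_NEXT, 0 },    /* next points back at the head */
};

/* Small wrappers that return scalar results for the demo and for checking. */
size_t demo_good_bytes(void)
{
    size_t len = 0; unsigned n = 0;
    return walk_chain(good_table, 4, 0, &len, &n) == WALK_OK ? len : 0;
}
unsigned demo_good_ndesc(void)
{
    size_t len = 0; unsigned n = 0;
    return walk_chain(good_table, 4, 0, &len, &n) == WALK_OK ? n : 0;
}
enum walk_result demo_zero_len(void)
{
    size_t len = 0; unsigned n = 0;
    return walk_chain(zero_len_table, 2, 0, &len, &n);
}
enum walk_result demo_cycle(void)
{
    size_t len = 0; unsigned n = 0;
    return walk_chain(cyclic_table, 2, 0, &len, &n);
}

int main(void)
{
    printf("well-formed chain: %u descriptors, %zu bytes\n",
           demo_good_ndesc(), demo_good_bytes());
    printf("zero-length descriptor -> result %d (expected %d)\n",
           demo_zero_len(), WALK_ERR_ZERO_LEN);
    printf("cyclic chain -> result %d (expected %d)\n",
           demo_cycle(), WALK_ERR_LOOP);
    return 0;
}
```

The two bounds matter independently: the zero-length check handles the input named in this bug, while the visit cap is what guarantees termination against any other chain shape a guest can construct, so a device model should carry both rather than rely on either one alone.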