1
PublicDateAtUSN: 2016-10-05
2
Candidate: CVE-2016-7908
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7908
6
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
7
https://usn.ubuntu.com/usn/usn-3125-1
9
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator)
10
does not properly limit the buffer descriptor count when transmitting
11
packets, which allows local guest OS administrators to cause a denial of
12
service (infinite loop and QEMU process crash) via vectors involving a
13
buffer descriptor with a length of 0 and crafted values in bd.flags.
17
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839835
19
Discovered-by: Li Qiang
23
upstream_qemu-kvm: needs-triage
24
precise_qemu-kvm: released (1.0+noroms-0ubuntu14.31)
26
vivid/ubuntu-core_qemu-kvm: DNE
27
vivid/stable-phone-overlay_qemu-kvm: DNE
33
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
34
upstream_qemu: needs-triage
36
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.30)
37
vivid/ubuntu-core_qemu: DNE
38
vivid/stable-phone-overlay_qemu: DNE
39
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.6)
40
yakkety_qemu: released (1:2.6.1+dfsg-0ubuntu5.1)
41
devel_qemu: released (1:2.6.1+dfsg-0ubuntu9)