Bug 947159 (CVE-2015-7295) - VUL-1: CVE-2015-7295: qemu: net: virtio-net possible remote DoS
Summary: VUL-1: CVE-2015-7295: qemu: net: virtio-net possible remote DoS
Status: RESOLVED FIXED
Alias: CVE-2015-7295
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Bruce Rogers
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/156805/
Whiteboard: CVSSv2:RedHat:CVE-2015-7295:3.3:(AV:A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-23 13:24 UTC by Victor Pereira
Modified: 2016-07-22 10:46 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
CVE-2015-7295.patch (4.99 KB, patch)
2015-10-01 08:36 UTC, Andreas Stieger 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-09-23 13:24:21 UTC 
rh#1264381

Qemu emulator built with the Virtual Network Device(virtio-net) support is
vulnerable to a DoS issue. It could occur while receiving large packets over
the tuntap/ macvtap interfaces and when guest's virtio-net driver did not
support big/mergeable receive buffers.

An attacker on the local network could use this flaw to disable guest's
networking by sending a large number of jumbo frames to the guest, exhausting
all receive buffers and thus leading to a DoS situation.

Upstream fixes:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1264381
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7295
http://seclists.org/oss-sec/2015/q3/583
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7295.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7295
Comment 1 Swamp Workflow Management 2015-09-23 22:00:37 UTC 
bugbot adjusting priority
Comment 6 Bernhard Wiedemann 2015-10-08 21:00:21 UTC 
This is an autogenerated message for OBS integration:
This bug (947159) was mentioned in
https://build.opensuse.org/request/show/337319 Leap:42.1 / qemu
Comment 7 Andreas Stieger 2015-10-23 17:23:19 UTC 
Based on bug 950367 comment #14:
Does not affect xen because xen does not support virtio devices.
Comment 8 Swamp Workflow Management 2016-06-13 11:10:08 UTC 
SUSE-SU-2016:1560-1: An update that solves 37 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,895528,901508,928393,934069,940929,944463,947159,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5745,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12 (src):    qemu-2.0.2-48.19.1
SUSE Linux Enterprise Desktop 12 (src):    qemu-2.0.2-48.19.1
Comment 9 Swamp Workflow Management 2016-06-28 18:09:35 UTC 
SUSE-SU-2016:1698-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-46.1
Comment 10 Swamp Workflow Management 2016-07-11 14:41:34 UTC 
SUSE-SU-2016:1785-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-44.1
Comment 11 Johannes Segitz 2016-07-22 10:46:49 UTC 
fixed everywhere