Bug 981399 (CVE-2016-4964) - VUL-1: CVE-2016-4964: qemu, kvm: scsi: mptsas infinite loop in mptsas_fetch_requests
Status: RESOLVED FIXED
Alias: CVE-2016-4964
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Minor
Target Milestone: ---
Assignee: Bruce Rogers
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/169375/
Whiteboard:
Keywords:
Depends on:
Blocks: 981401
Reported: 2016-05-24 15:17 UTC by Alexander Bergmann
Modified: 2017-03-07 22:50 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2016-05-24 15:17:04 UTC
rh#1339155

Quick Emulator (Qemu) built with the LSI SAS1068 Host Bus Adapter emulation
support is vulnerable to an infinite loop issue. It could occur while fetching
new requests in mptsas_fetch_requests().

A privileged user inside the guest could use this flaw to consume excessive host
resources or crash the Qemu process, resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/05/24/4

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1339155
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4964
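
The description above does not show the loop itself. The following added example (not QEMU's code and not part of this bug report) models the defect class under one assumption: the per-request handler can return without consuming a queue entry while the device is in a non-operational state. It shows how such a request-fetch loop stops terminating, beside a hardened form; every name in it is hypothetical.

```c
#include <stdbool.h>

/* Constructed model; every name is hypothetical, none is QEMU's. */
enum { QSIZE = 8, STEP_BUDGET = 1000 };

struct hba {
    bool operational;     /* device state, controlled by the guest */
    bool fault;           /* set when a request is refused */
    unsigned head, tail;  /* request FIFO; the guest advances tail */
    unsigned handled;
};

static bool fifo_empty(const struct hba *s) { return s->head == s->tail; }

/* Refuses work while not operational and returns WITHOUT consuming. */
static void fetch_one(struct hba *s)
{
    if (!s->operational) {
        s->fault = true;
        return;
    }
    s->head = (s->head + 1) % QSIZE;
    s->handled++;
}

/* Weak: exit depends only on the FIFO emptying. STEP_BUDGET exists only
 * so the demo terminates; -1 means the loop stopped making progress. */
int drain_unchecked(struct hba *s)
{
    for (int steps = 0; !fifo_empty(s); steps++) {
        if (steps == STEP_BUDGET)
            return -1;
        fetch_one(s);
    }
    return 0;
}

/* Hardened: check state before the loop, so each pass consumes one entry. */
int drain_checked(struct hba *s)
{
    if (!s->operational) {
        s->fault = true;
        return 0;
    }
    while (!fifo_empty(s))
        fetch_one(s);
    return 0;
}
```

Without the step budget, `drain_unchecked()` would hold the emulator thread in the loop for as long as the guest leaves the queue non-empty and the device non-operational, which is the host-side resource consumption the description refers to.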
Comment 1 Swamp Workflow Management 2016-05-24 22:01:09 UTC
bugbot adjusting priority
Comment 2 Bruce Rogers 2017-03-07 22:50:36 UTC
Fixed.