Bug 994418 (CVE-2016-6834) - VUL-0: CVE-2016-6834: kvm,qemu: an infinite loop during packet fragmentation
Summary: VUL-0: CVE-2016-6834: kvm,qemu: an infinite loop during packet fragmentation
Status: RESOLVED FIXED
Alias: CVE-2016-6834
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/171989/
Whiteboard: CVSSv2:SUSE:CVE-2016-6834:1.5:(AV:L/A...
Reported: 2016-08-18 15:34 UTC by Marcus Meissner
Modified: 2017-11-10 08:23 UTC

Found By: Security Response Team

Description Marcus Meissner 2016-08-18 15:34:56 UTC
CVE-2016-6834

Quick Emulator (Qemu) built with the VMWARE VMXNET3 NIC device support,
with network abstraction layer, is vulnerable to an infinite loop issue.
It could occur while fragmenting packets in the device.

A privileged user inside the guest could use this flaw to crash the Qemu instance,
resulting in DoS.

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05

It is susceptible
to an infinite loop, if the current fragment length is zero.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6834
http://seclists.org/oss-sec/2016/q3/313
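
The loop condition described above, as an added C sketch that is not QEMU's code and not part of the original report: a fragmentation loop that only tests "more fragments" never ends once a fetch returns zero bytes, while also requiring a non-zero fragment length makes it stop. `struct src`, `fetch_fragment`, `fragment_payload`, the iteration cap and the sample sizes are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical data source: `avail` bytes are actually buffered. */
struct src { size_t avail; };

/* Hands out at most `max` bytes per call; returns 0 once drained. */
static size_t fetch_fragment(struct src *s, size_t max)
{
    size_t n = s->avail < max ? s->avail : max;
    s->avail -= n;
    return n;
}

/* Split `payload_len` bytes into fragments of at most `max` bytes.
 * guard == 0: loop continues on "more fragments" only (flawed pattern).
 * guard != 0: loop also requires a non-zero fragment length.
 * Returns the fragment count, -1 if the iteration cap `limit` was hit
 * (the loop would not have ended on its own), or -2 if the guarded loop
 * stopped early on a zero-length fragment. */
static long fragment_payload(struct src *s, size_t payload_len, size_t max,
                             int guard, long limit)
{
    size_t off = 0, len;
    long frags = 0, iters = 0;
    int more;

    do {
        if (++iters > limit)
            return -1;               /* cap exists only so the demo ends */
        len = fetch_fragment(s, max);
        more = off + len < payload_len;
        if (len)
            frags++;                 /* a device model would transmit here */
        off += len;
    } while ((!guard || len) && more);

    return more ? -2 : frags;
}

int main(void)
{
    struct src a = { 1000 }, b = { 1000 };   /* constructed sample input */
    printf("unguarded: %ld\n", fragment_payload(&a, 3000, 1480, 0, 100000));
    printf("guarded:   %ld\n", fragment_payload(&b, 3000, 1480, 1, 100000));
    return 0;
}
```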
Comment 1 Marcus Meissner 2016-08-18 15:42:27 UTC
qemu on sle12 and later seems to be affected,
kvm and qemu on sle11 not.
Comment 2 Swamp Workflow Management 2016-08-18 22:00:51 UTC
bugbot adjusting priority
Comment 3 Liang Yan 2017-03-15 22:00:08 UTC
Fix is already in SLE12SP2 and later, also checked patch into qemu package under Devel:Virt:SLE-12-SP1 and Devel:Virt:SLE-12
Comment 4 Liang Yan 2017-03-15 22:13:24 UTC
Fix is already in SLE12SP2 and later, also checked patch into qemu package under Devel:Virt:SLE-12-SP1 and Devel:Virt:SLE-12
Comment 5 Johannes Segitz 2017-05-08 12:08:35 UTC
Please don't close security bugs, assign them to us once you're done
Comment 6 Johannes Segitz 2017-09-21 12:12:42 UTC
not adding this to LTSS, fixed for regularly maintained products
Comment 7 Swamp Workflow Management 2017-11-08 11:14:52 UTC
SUSE-SU-2017:2946-1: An update that solves 33 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1037334,1037336,1039495,1042159,1042800,1042801,1043073,1043296,1045035,1046636,1047674,1048902,1049381,1054724,1056334,1057378,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-10911,CVE-2017-11334,CVE-2017-11434,CVE-2017-12809,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-8379,CVE-2017-8380,CVE-2017-9330,CVE-2017-9373,CVE-2017-9374,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE OpenStack Cloud 6 (src):    qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    qemu-2.3.1-33.3.3
Comment 8 Swamp Workflow Management 2017-11-10 08:23:50 UTC
SUSE-SU-2017:2969-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1026612,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1039495,1042159,1042800,1042801,1043296,1045035,1046636,1047674,1048902,1049381,1056334,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-2633,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-9330,CVE-2017-9373,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.34.3