Bugzilla – Bug 999661
VUL-1: CVE-2016-7421 Qemu: scsi: pvscsi: infinite loop when processing IO requests
Last modified: 2021-09-30 22:40:33 UTC
rh#1376731 Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus emulation support is vulnerable to an infinite loop issue. It could occur while processing SCSI IO requests. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html References: https://bugzilla.redhat.com/show_bug.cgi?id=1376731 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7421 http://seclists.org/oss-sec/2016/q3/529 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7421.html
bugbot adjusting priority
SUSE-SU-2016:2936-1: An update that solves 18 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1001151,1002116,1002550,1002557,1003878,1003893,1003894,1004702,1004707,1006536,1006538,1007391,1007450,1007454,1007493,1007494,1007495,998516,999661 CVE References: CVE-2016-7161,CVE-2016-7170,CVE-2016-7421,CVE-2016-7908,CVE-2016-7909,CVE-2016-8576,CVE-2016-8577,CVE-2016-8578,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9101,CVE-2016-9102,CVE-2016-9103,CVE-2016-9104,CVE-2016-9105,CVE-2016-9106 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): qemu-2.0.2-48.25.1 SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.25.1
SUSE-SU-2016:2988-1: An update that solves 19 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1000345,1001151,1002116,1002550,1002557,1003878,1003893,1003894,1004702,1004707,1006536,1006538,1007391,1007450,1007454,1007493,1007494,1007495,996524,998516,999661 CVE References: CVE-2016-7161,CVE-2016-7170,CVE-2016-7421,CVE-2016-7466,CVE-2016-7908,CVE-2016-7909,CVE-2016-8576,CVE-2016-8577,CVE-2016-8578,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9101,CVE-2016-9102,CVE-2016-9103,CVE-2016-9104,CVE-2016-9105,CVE-2016-9106 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): qemu-2.3.1-24.6 SUSE Linux Enterprise Desktop 12-SP1 (src): qemu-2.3.1-24.6
openSUSE-SU-2016:3103-1: An update that solves 19 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1000345,1001151,1002116,1002550,1002557,1003878,1003893,1003894,1004702,1004707,1006536,1006538,1007391,1007450,1007454,1007493,1007494,1007495,996524,998516,999661 CVE References: CVE-2016-7161,CVE-2016-7170,CVE-2016-7421,CVE-2016-7466,CVE-2016-7908,CVE-2016-7909,CVE-2016-8576,CVE-2016-8577,CVE-2016-8578,CVE-2016-8667,CVE-2016-8669,CVE-2016-8909,CVE-2016-8910,CVE-2016-9101,CVE-2016-9102,CVE-2016-9103,CVE-2016-9104,CVE-2016-9105,CVE-2016-9106 Sources used: openSUSE Leap 42.1 (src): qemu-2.3.1-22.1, qemu-linux-user-2.3.1-22.1, qemu-testsuite-2.3.1-22.2
Fixed.