#VU6946 Infinite loop in QEMU
Vulnerability identifier: #VU6946
Vulnerability risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-835
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
QEMU
Client/Desktop applications /
Virtualization software
Vendor: QEMU
Description
Qemu emulator built with the e1000e NIC emulation support is vulnerable to an
infinite loop issue. It could occur while processing data via transmit or
receive descriptors, provided the initial receive/transmit descriptor
head(TDH/RDH) is set outside the allocated descriptor buffer.
A privileged user inside guest could use this flaw to crash the Qemu instance
resulting in DoS.
Mitigation
Update to version 2.9.0-r2.
Vulnerable software versions
QEMU: 0.1 - 2.9.0
External links
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
