First published: Wed Oct 05 2016(Updated: )
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU KVM | <=2.7.1 | |
Debian Debian Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-7908 has a severity rating that indicates it can lead to a denial of service vulnerability.
To resolve CVE-2016-7908, update QEMU to a version greater than 2.7.1 where the issue has been patched.
CVE-2016-7908 affects QEMU versions up to and including 2.7.1 and Debian Linux version 8.0.
CVE-2016-7908 can be exploited by local guest OS administrators to create an infinite loop that crashes the QEMU process.
There are no specific workarounds identified for CVE-2016-7908, so updating the software is recommended for protection.