CVE-2016-8909
First published: Mon Oct 24 2016(Updated: )
Quick Emulator(Qemu) built with the Intel HDA controller emulation support is vulnerable to an infinite loop issue. It could occur while processing the DMA buffer stream while doing data transfer in 'intel_hda_xfer'. A privileged user inside guest could use this flaw to consume excessive CPU cycles on the host, resulting in DoS. Upstream patch -------------- -> <a href="https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html">https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | <=2.7.1 | |
| Debian Debian Linux | =8.0 | |
| openSUSE Leap | =42.2 | |
| Redhat Openstack | =6.0 | |
| Redhat Openstack | =7.0 | |
| Redhat Openstack | =8 | |
| Redhat Openstack | =9 | |
| Redhat Openstack | =10 | |
| Redhat Openstack | =11 | |
| Redhat Virtualization | =4.0 | |
| Redhat Enterprise Linux | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
- http://www.openwall.com/lists/oss-security/2016/10/24/1
- http://www.openwall.com/lists/oss-security/2016/10/24/4
- http://www.securityfocus.com/bid/93842
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html
- https://security.gentoo.org/glsa/201611-11
- https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1388053
- https://bugzilla.redhat.com/show_bug.cgi?id=1388052
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-8909
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/qemu
- canonical/qemu qemu
- version/qemu qemu/2.7.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/42.2
- vendor/redhat
- canonical/redhat openstack
- version/redhat openstack/6.0
- version/redhat openstack/7.0
- version/redhat openstack/8
- version/redhat openstack/9
- version/redhat openstack/10
- version/redhat openstack/11
- canonical/redhat virtualization
- version/redhat virtualization/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0