CVE-2016-4037

NameCVE-2016-4037
DescriptionThe ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)
Debian Bugs822344

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)wheezy1.1.2+dfsg-6a+deb7u12vulnerable
wheezy (security)1.1.2+dfsg-6+deb7u24vulnerable
jessie (security), jessie1:2.1+dfsg-12+deb8u6vulnerable
stretch1:2.8+dfsg-6+deb9u2fixed
stretch (security)1:2.8+dfsg-6+deb9u3fixed
buster, sid1:2.10.0+dfsg-2fixed
qemu-kvm (PTS)wheezy1.1.2+dfsg-6+deb7u12vulnerable
wheezy (security)1.1.2+dfsg-6+deb7u24vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusource(unstable)1:2.6+dfsg-1medium822344
qemu-kvmsource(unstable)(unfixed)medium

Notes

[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
https://bugzilla.redhat.com/show_bug.cgi?id=1325129
http://www.openwall.com/lists/oss-security/2016/04/18/3
http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3)
http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3)

Search for package or bug name: Reporting problems