CVE-2016-7907 (retired)

Priority
Description
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator)
does not properly limit the buffer descriptor count when transmitting
packets, which allows local guest OS administrators to cause a denial of
service (infinite loop and QEMU process crash) via vectors involving a
buffer descriptor with a length of 0 and crafted values in bd.flags.
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-5ubuntu10.11)
Patches:
Upstream:http://git.qemu-project.org/?p=qemu.git;a=commit;h=81f17e0d435c3db3a3e67e0d32ebf9c98973211f
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-03-26 12:23:06 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)