CVE-2016-7907

Priority
Description
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator)
does not properly limit the buffer descriptor count when transmitting
packets, which allows local guest OS administrators to cause a denial of
service (infinite loop and QEMU process crash) via vectors involving a
buffer descriptor with a length of 0 and crafted values in bd.flags.
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-5ubuntu10.11)
Patches:
Upstream:http://git.qemu-project.org/?p=qemu.git;a=commit;h=81f17e0d435c3db3a3e67e0d32ebf9c98973211f
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-01-14 22:27:45 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)