CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Qemu	Qemu	*	2.4.0.1 (excluding)
Qemu	Ubuntu	devel	*
Qemu	Ubuntu	trusty	*
Qemu	Ubuntu	vivid	*
Qemu-kvm	Ubuntu	precise	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
http://www.openwall.com/lists/oss-security/2015/09/04/4
http://www.openwall.com/lists/oss-security/2015/09/05/5
http://www.ubuntu.com/usn/USN-2745-1
https://bugzilla.redhat.com/show_bug.cgi?id=1260076
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-6815
CWE	https://cwe.mitre.org/data/definitions/835.html

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References