QEMU 'hw/usb/hcd-ohci.c' Denial of Service Vulnerability

QEMU is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash the QEMU instance, resulting in a denial-of-service condition.

Information

Bugtraq ID: 96611
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-6505

Remote: Yes
Local: No
Published: Mar 06 2017 12:00AM
Updated: Apr 13 2017 12:03AM
Credit: Li Qiang of 360.cn Inc.
Vulnerable: QEMU QEMU 0
Gentoo Linux

Not Vulnerable:

References:

• QEMU Homepage (QEMU)
  
• CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list (Seclists.org)
  
• usb: ohci: limit the number of link eds (qemu)
  

Source: www.securityfocus.com