CVE-2015-8558Infinite Loop in Qemu

CWE-835Infinite LoopCWE-400Uncontrolled Resource Consumption17 documents8 sources
Severity
6.0MEDIUMNVD
NVD5.5OSV5.5
EPSS
0.0%
top 86.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
QemuDebian QemuCanonical Ubuntu Linux+2 more
Timeline
PublishedMay 23
Latest updateMay 13

Description

The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.5+dfsg-2 (bookworm)+1
Debianqemu/qemu< 1:2.6+dfsg-1+7
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22
NVDqemu/qemu2.5.1.1+2

Also affects: Debian Linux 7.0, 8.0, Fedora 22, 23, 24, Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Patch: lists.gnu.orgPatch: lists.gnu.org

🔴Vulnerability Details

5
GHSA
GHSA-3cv8-m6fw-pjg4: The ehci_advance_state function in hw/usb/hcd-ehci2022-05-13
GHSA
GHSA-84gj-c6vv-gh4q: The ehci_process_itd function in hw/usb/hcd-ehci2022-05-13
OSV
CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci2016-05-23
OSV
CVE-2015-8558: The ehci_process_itd function in hw/usb/hcd-ehci2016-05-23
OSV
qemu, qemu-kvm vulnerabilities2016-02-03

📋Vendor Advisories

5
Red Hat
Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process2016-04-18
Ubuntu
QEMU vulnerabilities2016-02-03
Debian
CVE-2016-4037: qemu - The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest ...2016
Red Hat
Qemu: usb: infinite loop in ehci_advance_state results in DoS2015-12-10
Debian
CVE-2015-8558: qemu - The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS...2015

📄Research Papers

1
arXiv
Literature review on vulnerability detection using NLP technology2021-04-23

💬Community

4
Bugzilla
CVE-2016-4037 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process2016-04-08
Bugzilla
CVE-2015-8558 qemu: DoS by infinite loop in ehci_advance_state [fedora-all]2015-12-14
Bugzilla
CVE-2015-8558 xen: qemu: DoS by infinite loop in ehci_advance_state [fedora-all]2015-12-14
Bugzilla
CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state results in DoS2015-11-04