CVE-2017-9310: QEMU e1000e NIC Infinite Loop DoS Vulnerability and Fix

Vulnerability Key Information CVE ID: CVE-2017-9310 Vulnerability Type: Infinite loop in QEMU's e1000e NIC emulation Report Date: 2017-05-19 Fix Date: 2019-06-08 Related Updates: - RHSA-2017:2392 - RHSA-2017:2408 Description: - Vulnerability Description: The QEMU emulator using e1000e NIC emulation may enter an infinite loop while processing data during transmission or reception of descriptors, leading to a Denial of Service (DoS). - Upstream Patch: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7 Impact: - QEMU Version: 2.7.1-7.fc25 - Operating System: Linux - Severity: Low Fix: - Fedora: qemu-2.7.1-7.fc25 has been pushed to the stable repository - Red Hat Products: - Red Hat OpenStack Platform 10.0 (Newton) - Red Hat OpenStack Platform 11.0 (Ocata) - Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - Red Hat OpenStack Platform 8.0 (Liberty) - Red Hat OpenStack Platform 9.0 (Mitaka) - RHEV 4.X RHEV-H and Agents for RHEL-7 - Related RHSA: - RHSA-2017:2392 - RHSA-2017:2408

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2017-9310: QEMU e1000e NIC Infinite Loop DoS Vulnerability and Fix