Source: qemu
Version: 0.14+dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream pending
CVE-2015-8558 has been reported against the qemu USB EHCI emulated device.

http://www.openwall.com/lists/oss-security/2015/12/14/9 :

Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between the host controller interface (EHCI) and a respective device driver. These two communicate via an isochronous transfer descriptor list (iTD), and an infinite loop unfolds if there is a closed loop in this list. A privileged user inside guest could use this flaw to consume excessive CPU cycles & resources on the host.

Reporting it as existing in version 0.14 of qemu (this is where the ehci device has been introduced).
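The failure mode described in the report, as an added example that is neither QEMU's code nor its upstream fix: a simplified C model of an emulator walking a guest-written descriptor list, with a hop budget so that a closed loop ends the walk instead of spinning. The descriptor layout, `MAX_HOPS` and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not QEMU code: guest-written descriptors sit in a flat
 * array and link to each other by index. */
#define LINK_TERMINATE 0x1u  /* low bit set ends the list, as in EHCI link pointers */
#define MAX_HOPS 64          /* hypothetical per-frame budget chosen for this example */

typedef struct {
    uint32_t next;    /* (index << 5) | flags, fully guest-controlled */
    uint32_t active;  /* non-zero if the descriptor has a transfer to run */
} desc_t;

typedef enum { WALK_OK = 0, WALK_BAD_LINK = -1, WALK_LOOP = -2 } walk_status;

/* Walk the list from `head`, counting active descriptors in *done. The guest
 * is never trusted to terminate the list: the walk stops after MAX_HOPS links
 * and rejects links that point outside the descriptor array. */
walk_status walk_descriptors(const desc_t *mem, size_t n, uint32_t head, unsigned *done)
{
    uint32_t link = head;
    *done = 0;
    for (unsigned hops = 0; hops < MAX_HOPS; hops++) {
        if (link & LINK_TERMINATE)
            return WALK_OK;
        size_t idx = link >> 5;
        if (idx >= n)
            return WALK_BAD_LINK;
        if (mem[idx].active)
            (*done)++;
        link = mem[idx].next;
    }
    return WALK_LOOP;  /* budget exhausted: treat the schedule as malformed */
}

/* Constructed sample: 0 -> 1 -> 2 -> terminate, two descriptors active. */
walk_status demo_terminated(unsigned *done) {
    desc_t mem[3] = { {1u << 5, 1}, {2u << 5, 0}, {LINK_TERMINATE, 1} };
    return walk_descriptors(mem, 3, 0u << 5, done);
}
/* Constructed sample: 0 -> 1 -> 2 -> 0, the closed loop from the report. */
walk_status demo_closed_loop(unsigned *done) {
    desc_t mem[3] = { {1u << 5, 0}, {2u << 5, 0}, {0u << 5, 0} };
    return walk_descriptors(mem, 3, 0u << 5, done);
}
int main(void) {
    unsigned d;
    printf("terminated: %d\n", (int)demo_terminated(&d));
    printf("closed loop: %d\n", (int)demo_closed_loop(&d));
    return 0;
}
```

Without the `hops < MAX_HOPS` bound, the second sample never leaves the loop, which is the host CPU consumption the report describes.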