qemu -- denial of service vulnerabilities in eepro100 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the i8255x (PRO100) emulation support is
vulnerable to an infinite loop issue. It could occur while
processing a chain of commands located in the Command Block List
(CBL). Each Command Block(CB) points to the next command in the
list. An infinite loop unfolds if the link to the next CB points
to the same block or there is a closed loop in the chain.
A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw
to crash the Qemu instance resulting in DoS.