CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value

[P J P <ppandit () redhat com>]

  Hello,

Quick Emulator built with the USB OHCI Emulation support is vulnerable to an 
infinite loop issue. It could occur while processing an endpoint list 
descriptor in ohci_service_ed_list().

A guest user/process could use this flaw to crash Qemu process resulting in 
DoS.

Upstream patch:
---------------
  -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1457697

This issue was reported by Li Qiang of Qihoo 360 Gear Team.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F