CVE-2016-1981
Advisory lineage Upstream: 0 Downstream: 18
Modified
Published: 29 Dec 2016, 22:00
Last modified:05 Aug 2024, 23:17
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.06% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
29 Dec 2016, 22:00
Published
Vulnerability first disclosed
05 Aug 2024, 23:17
Last Modified
Vulnerability information updated
Description
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.06%• Percentile: 20%
Techniques & Countermeasures
- CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- debian•debian_linux
7.0 | 8.0
- qemu•qemu
≤ 2.5.1.1
References (10)
- https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
- https://security.gentoo.org/glsa/201604-01
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.openwall.com/lists/oss-security/2016/01/19/10
- https://bugzilla.redhat.com/show_bug.cgi?id=1298570
- http://www.openwall.com/lists/oss-security/2016/01/22/1
- http://rhn.redhat.com/errata/RHSA-2016-2585.html
- http://www.debian.org/security/2016/dsa-3471
- http://www.securityfocus.com/bid/81549