ALT-PU-2016-1875-1
Closed vulnerabilities
Published: 2016-06-16
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-2391
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
Severity: LOW (2.1)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.0)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
References:
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360
- http://www.openwall.com/lists/oss-security/2016/02/16/2
- http://www.securityfocus.com/bid/83263
- http://www.ubuntu.com/usn/USN-2974-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1304794
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360
- http://www.openwall.com/lists/oss-security/2016/02/16/2
- http://www.securityfocus.com/bid/83263
- http://www.ubuntu.com/usn/USN-2974-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1304794
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html
Published: 2016-06-01
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5126
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
Severity: MEDIUM (4.6)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
- http://rhn.redhat.com/errata/RHSA-2016-1606.html
- http://rhn.redhat.com/errata/RHSA-2016-1607.html
- http://rhn.redhat.com/errata/RHSA-2016-1653.html
- http://rhn.redhat.com/errata/RHSA-2016-1654.html
- http://rhn.redhat.com/errata/RHSA-2016-1655.html
- http://rhn.redhat.com/errata/RHSA-2016-1756.html
- http://rhn.redhat.com/errata/RHSA-2016-1763.html
- http://www.openwall.com/lists/oss-security/2016/05/30/6
- http://www.openwall.com/lists/oss-security/2016/05/30/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/90948
- http://www.ubuntu.com/usn/USN-3047-1
- http://www.ubuntu.com/usn/USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1340924
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
- https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
- https://security.gentoo.org/glsa/201609-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
- http://rhn.redhat.com/errata/RHSA-2016-1606.html
- http://rhn.redhat.com/errata/RHSA-2016-1607.html
- http://rhn.redhat.com/errata/RHSA-2016-1653.html
- http://rhn.redhat.com/errata/RHSA-2016-1654.html
- http://rhn.redhat.com/errata/RHSA-2016-1655.html
- http://rhn.redhat.com/errata/RHSA-2016-1756.html
- http://rhn.redhat.com/errata/RHSA-2016-1763.html
- http://www.openwall.com/lists/oss-security/2016/05/30/6
- http://www.openwall.com/lists/oss-security/2016/05/30/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/90948
- http://www.ubuntu.com/usn/USN-3047-1
- http://www.ubuntu.com/usn/USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1340924
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
- https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
- https://security.gentoo.org/glsa/201609-01
Published: 2016-12-10
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-6490
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
Severity: LOW (2.1)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (4.4)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f
- http://www.openwall.com/lists/oss-security/2016/07/28/4
- http://www.openwall.com/lists/oss-security/2016/07/28/9
- https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
- https://security.gentoo.org/glsa/201609-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f
- http://www.openwall.com/lists/oss-security/2016/07/28/4
- http://www.openwall.com/lists/oss-security/2016/07/28/9
- https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
- https://security.gentoo.org/glsa/201609-01