ID CVE-2016-8578
Summary The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 01-12-2018 - 11:29)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 93474
gentoo GLSA-201611-11
mlist
  • [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
  • [oss-security] 20161010 CVE request Qemu: 9pfs: potential NULL dereference in 9pfs routines
  • [oss-security] 20161010 Re: CVE request Qemu: 9pfs: potential NULL dereference in 9pfs routines
  • [qemu-devel] 20160927 Re: [PATCH] 9pfs: make unmarshal V9fsString more robust
suse openSUSE-SU-2016:3237
Last major update 01-12-2018 - 11:29
Published 04-11-2016 - 21:59