ID CVE-2016-8668
Summary The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 01-07-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 93566
gentoo GLSA-201611-11
mlist
  • [oss-security] 20161014 CVE request Qemu: net: OOB buffer access in rocker switch emulation
  • [oss-security] 20161015 Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation
  • [qemu-devel] 20161012 [PATCH] net: rocker: set limit to DMA buffer size
suse openSUSE-SU-2016:3237
Last major update 01-07-2017 - 01:30
Published 04-11-2016 - 21:59
Back to Top