ID CVE-2016-1981
Summary QEMU (aka Quick Emulator) built with e1000 NIC emulation support is vulnerable to an infinite loop. It can occur while the device model walks the transmit or receive descriptor ring if the initial transmit/receive descriptor head (TDH/RDH) has been set outside the allocated descriptor buffer: the head index wraps to zero at the end of the ring and can never return to its out-of-range starting value, so the loop's wraparound guard never fires. A privileged user inside the guest (one able to program the NIC's registers) could use this flaw to hang or crash the QEMU instance, resulting in a denial of service (DoS).
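The loop shape behind the flaw, as an added stand-alone model that is not QEMU's code. It mirrors the pre-fix walk (advance head, wrap at the ring end, stop only when head reaches tail or laps back to its start) beside the post-fix walk that also bails out when the starting head is already outside the ring. Register names, the 16-byte descriptor size and the sample register values are assumptions for illustration; the same shape covers both the transmit ring (TDH/TDT/TDLEN) and the receive ring (RDH/RDT/RDLEN):

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-alone model of the e1000 descriptor-ring walk (not QEMU's code).
 * The same shape serves the transmit ring (TDH/TDT/TDLEN) and the receive
 * ring (RDH/RDT/RDLEN): head and tail are descriptor indices, len is the
 * ring length in bytes, and each descriptor is assumed to be 16 bytes.
 */
struct ring_regs {
    uint32_t head;   /* TDH or RDH: next descriptor the device will process */
    uint32_t tail;   /* TDT or RDT: first descriptor not yet handed to the device */
    uint32_t len;    /* TDLEN or RDLEN: ring size in bytes */
};

#define DESC_SIZE 16u        /* assumed sizeof(struct e1000_tx_desc) */
#define MAX_ITERS 100000L    /* cap so the vulnerable model returns instead of hanging */

/*
 * Pre-fix loop shape: advance head, wrap to 0 past the end of the ring, and
 * stop only when head reaches tail or comes back to its starting value.
 * Returns the number of descriptors "processed", or -1 if MAX_ITERS was hit,
 * i.e. the real loop would never terminate.
 */
static long walk_vulnerable(struct ring_regs *r)
{
    uint32_t head_start = r->head;
    long processed = 0;

    while (r->head != r->tail) {
        if (++processed > MAX_ITERS)
            return -1;
        /* the descriptor at head would be DMA-read and handled here */
        if ((uint64_t)++r->head * DESC_SIZE >= r->len)
            r->head = 0;
        if (r->head == head_start)   /* guards a full lap, nothing else */
            break;
    }
    return processed;
}

/*
 * Post-fix loop shape: a starting head beyond the ring can never be reached
 * again by wrapping, so treat it as bogus guest input and bail out.
 */
static long walk_fixed(struct ring_regs *r)
{
    uint32_t head_start = r->head;
    long processed = 0;

    while (r->head != r->tail) {
        if (++processed > MAX_ITERS)
            return -1;
        if ((uint64_t)++r->head * DESC_SIZE >= r->len)
            r->head = 0;
        if (r->head == head_start || head_start >= r->len / DESC_SIZE)
            break;
    }
    return processed;
}

int main(void)
{
    /* constructed inputs: an 8-descriptor ring (128 bytes) */
    struct ring_regs sane_v = {0, 5, 128}, sane_f = {0, 5, 128};
    struct ring_regs bogus_v = {20, 30, 128}, bogus_f = {20, 30, 128};

    printf("sane  head=0  tail=5 : vulnerable=%ld fixed=%ld\n",
           walk_vulnerable(&sane_v), walk_fixed(&sane_f));
    printf("bogus head=20 tail=30: vulnerable=%ld fixed=%ld\n",
           walk_vulnerable(&bogus_v), walk_fixed(&bogus_f));
    return 0;
}
```

With head and tail both beyond the ring, the vulnerable walk wraps head to 0 and cycles through the 8 valid slots forever, never matching either its starting value or tail; the fixed walk notices the bogus start after the first descriptor and stops. A sane ring, including one whose head is ahead of its tail and must wrap, behaves identically under both.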
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 05-01-2018 - 02:30)
Impact: 2.9 (CVSS v2 subscore derived from the vector below)
Exploitability: 3.9 (CVSS v2 subscore derived from the vector below)
CWE CWE-399
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2016:2585
rpms
  • qemu-img-10:1.5.3-126.el7
  • qemu-kvm-10:1.5.3-126.el7
  • qemu-kvm-common-10:1.5.3-126.el7
  • qemu-kvm-tools-10:1.5.3-126.el7
refmap via4
bid 81549
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1298570
debian
  • DSA-3469
  • DSA-3470
  • DSA-3471
gentoo GLSA-201604-01
mlist
  • [oss-security] 20160119 CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
  • [oss-security] 20160122 Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
  • [qemu-devel] 20160119 [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start
Last major update 05-01-2018 - 02:30
Published 29-12-2016 - 22:59