ID CVE-2016-5403
Summary The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
References
Vulnerable Configurations
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • bugzilla
    id 1358359
    title CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.491.el6_8.3
          oval oval:com.redhat.rhsa:tst:20161585005
        • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121234008
      • AND
        • comment qemu-img is earlier than 2:0.12.1.2-2.491.el6_8.3
          oval oval:com.redhat.rhsa:tst:20161585011
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 2:0.12.1.2-2.491.el6_8.3
          oval oval:com.redhat.rhsa:tst:20161585007
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.491.el6_8.3
          oval oval:com.redhat.rhsa:tst:20161585009
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2016:1585
    released 2016-08-09
    severity Moderate
    title RHSA-2016:1585: qemu-kvm security update (Moderate)
  • bugzilla
    id 1358359
    title CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment libcacard is earlier than 10:1.5.3-105.el7_2.7
          oval oval:com.redhat.rhsa:tst:20161606017
        • comment libcacard is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704008
      • AND
        • comment libcacard-devel is earlier than 10:1.5.3-105.el7_2.7
          oval oval:com.redhat.rhsa:tst:20161606011
        • comment libcacard-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704010
      • AND
        • comment libcacard-tools is earlier than 10:1.5.3-105.el7_2.7
          oval oval:com.redhat.rhsa:tst:20161606015
        • comment libcacard-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704016
      • AND
        • comment qemu-img is earlier than 10:1.5.3-105.el7_2.7
          oval oval:com.redhat.rhsa:tst:20161606007
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 10:1.5.3-105.el7_2.7
          oval oval:com.redhat.rhsa:tst:20161606005
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-common is earlier than 10:1.5.3-105.el7_2.7
          oval oval:com.redhat.rhsa:tst:20161606009
        • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704018
      • AND
        • comment qemu-kvm-tools is earlier than 10:1.5.3-105.el7_2.7
          oval oval:com.redhat.rhsa:tst:20161606013
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2016:1606
    released 2016-08-11
    severity Moderate
    title RHSA-2016:1606: qemu-kvm security update (Moderate)
  • bugzilla
    id 1358359
    title CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment kmod-kvm is earlier than 0:83-276.el5_11
          oval oval:com.redhat.rhsa:tst:20161943002
        • comment kmod-kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465005
      • AND
        • comment kmod-kvm-debug is earlier than 0:83-276.el5_11
          oval oval:com.redhat.rhsa:tst:20161943010
        • comment kmod-kvm-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110028007
      • AND
        • comment kvm is earlier than 0:83-276.el5_11
          oval oval:com.redhat.rhsa:tst:20161943004
        • comment kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465003
      • AND
        • comment kvm-qemu-img is earlier than 0:83-276.el5_11
          oval oval:com.redhat.rhsa:tst:20161943008
        • comment kvm-qemu-img is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465007
      • AND
        • comment kvm-tools is earlier than 0:83-276.el5_11
          oval oval:com.redhat.rhsa:tst:20161943006
        • comment kvm-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465009
    rhsa
    id RHSA-2016:1943
    released 2016-09-27
    severity Important
    title RHSA-2016:1943: kvm security update (Important)
  • rhsa
    id RHSA-2016:1586
  • rhsa
    id RHSA-2016:1607
  • rhsa
    id RHSA-2016:1652
  • rhsa
    id RHSA-2016:1653
  • rhsa
    id RHSA-2016:1654
  • rhsa
    id RHSA-2016:1655
  • rhsa
    id RHSA-2016:1756
  • rhsa
    id RHSA-2016:1763
rpms
  • qemu-guest-agent-2:0.12.1.2-2.491.el6_8.3
  • qemu-img-2:0.12.1.2-2.491.el6_8.3
  • qemu-kvm-2:0.12.1.2-2.491.el6_8.3
  • qemu-kvm-tools-2:0.12.1.2-2.491.el6_8.3
  • libcacard-10:1.5.3-105.el7_2.7
  • libcacard-devel-10:1.5.3-105.el7_2.7
  • libcacard-tools-10:1.5.3-105.el7_2.7
  • qemu-img-10:1.5.3-105.el7_2.7
  • qemu-kvm-10:1.5.3-105.el7_2.7
  • qemu-kvm-common-10:1.5.3-105.el7_2.7
  • qemu-kvm-tools-10:1.5.3-105.el7_2.7
  • kmod-kvm-0:83-276.el5_11
  • kmod-kvm-debug-0:83-276.el5_11
  • kvm-0:83-276.el5_11
  • kvm-qemu-img-0:83-276.el5_11
  • kvm-tools-0:83-276.el5_11
refmap via4
bid 92148
confirm
sectrack 1036476
ubuntu
  • USN-3047-1
  • USN-3047-2
Last major update 05-01-2018 - 02:31
Published 02-08-2016 - 16:59
Last modified 27-12-2019 - 16:08
Back to Top