Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-2857 (GCVE-0-2016-2857)
Vulnerability from cvelistv5 – Published: 2016-04-08 16:00 – Updated: 2024-08-05 23:40
VLAI?
EPSS
Summary
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public ?
2016-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "RHSA-2017:0083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"name": "[oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"name": "84130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84130"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "RHSA-2017:0309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "RHSA-2017:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "RHSA-2017:0083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"name": "[oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"name": "84130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84130"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "RHSA-2017:0309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "RHSA-2017:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2857",
"datePublished": "2016-04-08T16:00:00.000Z",
"dateReserved": "2016-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:40:13.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-2857",
"date": "2026-05-19",
"epss": "0.00058",
"percentile": "0.18024"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.5.1.1\", \"matchCriteriaId\": \"1E0091D0-CCD9-4017-A266-32576814AE63\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"8D305F7A-D159-4716-AB26-5E38BB5CD991\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E88A537F-F4D0-46B9-9E37-965233C2A355\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B152EDF3-3140-4343-802F-F4F1C329F5C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D86166F9-BBF0-4650-8CCD-0F9C97104D21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B152EDF3-3140-4343-802F-F4F1C329F5C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D86166F9-BBF0-4650-8CCD-0F9C97104D21\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31EC146C-A6F6-4C0D-AF87-685286262DAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DAA72A4-AC7D-4544-89D4-5B07961D5A95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8B8C725-34CF-4340-BE7B-37E58CF706D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"807C024A-F8E8-4B48-A349-4C68CD252CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F96E3779-F56A-45FF-BB3D-4980527D721E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83737173-E12E-4641-BC49-0BD84A6B29D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98381E61-F082-4302-B51F-5648884F998B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99A687E-EAE6-417E-A88E-D0082BC194CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7431ABC1-9252-419E-8CC1-311B41360078\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegaci\\u00f3n de servicio (lectura de memoria din\\u00e1mica fuera de rango y ca\\u00edda) a trav\\u00e9s de una longitud de la carga \\u00fatil en un paquete manipulado.\"}]",
"id": "CVE-2016-2857",
"lastModified": "2024-11-21T02:48:57.410",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 5.8}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 3.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-04-12T02:00:07.243",
"references": "[{\"url\": \"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2670.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2671.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2704.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2705.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2706.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0083.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0309.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0334.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0344.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0350.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/03/03/9\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/03/07/3\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/84130\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2974-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2670.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2671.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2704.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2705.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2706.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0083.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0309.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0334.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0344.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0350.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/03/03/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/03/07/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/84130\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2974-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-2857\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-04-12T02:00:07.243\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegaci\u00f3n de servicio (lectura de memoria din\u00e1mica fuera de rango y ca\u00edda) a trav\u00e9s de una longitud de la carga \u00fatil en un paquete manipulado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":5.8}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.1.1\",\"matchCriteriaId\":\"1E0091D0-CCD9-4017-A266-32576814AE63\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B152EDF3-3140-4343-802F-F4F1C329F5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D86166F9-BBF0-4650-8CCD-0F9C97104D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B152EDF3-3140-4343-802F-F4F1C329F5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D86166F9-BBF0-4650-8CCD-0F9C97104D21\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EC146C-A6F6-4C0D-AF87-685286262DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DAA72A4-AC7D-4544-89D4-5B07961D5A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B8C725-34CF-4340-BE7B-37E58CF706D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"807C024A-F8E8-4B48-A349-4C68CD252CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96E3779-F56A-45FF-BB3D-4980527D721E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2670.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2671.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2704.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2705.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2706.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0083.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0309.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0334.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0344.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0350.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/03/03/9\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/03/07/3\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/84130\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2974-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2670.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2671.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2704.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2705.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2706.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0083.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0309.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0334.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0344.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0350.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/03/03/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/03/07/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/84130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2974-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
CNVD-2016-02207
Vulnerability from cnvd - Published: 2016-04-15
VLAI Severity ?
Title
QEMU拒绝服务漏洞(CNVD-2016-02207)
Description
QEMU是法国程序员法布里斯-贝拉(Fabrice Bellard)所研发的一套模拟处理器软件。
QEMU的net/checksum.c文件中的‘net_checksum_calculate’函数存在安全漏洞,攻击者可借助特制数据包中的负载长度,利用该漏洞造成拒绝服务(越边界堆读取和崩溃)。
Severity
中
Patch Name
QEMU拒绝服务漏洞的补丁
Patch Description
QEMU是法国程序员法布里斯-贝拉(Fabrice Bellard)所研发的一套模拟处理器软件。
QEMU的net/checksum.c文件中的‘net_checksum_calculate’函数存在安全漏洞,攻击者可借助特制数据包中的负载长度,利用该漏洞造成拒绝服务(越边界堆读取和崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b
Reference
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b
http://www.openwall.com/lists/oss-security/2016/03/07/3
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b
Impacted products
| Name | QEMU QEMU |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-2857"
}
},
"description": "QEMU\u662f\u6cd5\u56fd\u7a0b\u5e8f\u5458\u6cd5\u5e03\u91cc\u65af-\u8d1d\u62c9\uff08Fabrice Bellard\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\r\n\r\nQEMU\u7684net/checksum.c\u6587\u4ef6\u4e2d\u7684\u0026lsquo;net_checksum_calculate\u0026rsquo;\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6570\u636e\u5305\u4e2d\u7684\u8d1f\u8f7d\u957f\u5ea6\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5806\u8bfb\u53d6\u548c\u5d29\u6e83\uff09\u3002",
"discovererName": "Ling Liu of Qihoo 360 Inc.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-02207",
"openTime": "2016-04-15",
"patchDescription": "QEMU\u662f\u6cd5\u56fd\u7a0b\u5e8f\u5458\u6cd5\u5e03\u91cc\u65af-\u8d1d\u62c9\uff08Fabrice Bellard\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\r\n\r\nQEMU\u7684net/checksum.c\u6587\u4ef6\u4e2d\u7684\u0026lsquo;net_checksum_calculate\u0026rsquo;\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6570\u636e\u5305\u4e2d\u7684\u8d1f\u8f7d\u957f\u5ea6\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5806\u8bfb\u53d6\u548c\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "QEMU\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "QEMU QEMU"
},
"referenceLink": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b\t\r\nhttp://www.openwall.com/lists/oss-security/2016/03/07/3\t\r\nhttp://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b",
"serverity": "\u4e2d",
"submitTime": "2016-04-14",
"title": "QEMU\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-02207\uff09"
}
FKIE_CVE-2016-2857
Vulnerability from fkie_nvd - Published: 2016-04-12 02:00 - Updated: 2026-05-06 22:30
Severity ?
Summary
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0091D0-CCD9-4017-A266-32576814AE63",
"versionEndIncluding": "2.5.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
"matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet."
},
{
"lang": "es",
"value": "La funci\u00f3n net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegaci\u00f3n de servicio (lectura de memoria din\u00e1mica fuera de rango y ca\u00edda) a trav\u00e9s de una longitud de la carga \u00fatil en un paquete manipulado."
}
],
"id": "CVE-2016-2857",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-12T02:00:07.243",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84130"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-R736-2MVG-HCHH
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
VLAI?
Details
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
Severity ?
8.4 (High)
{
"affected": [],
"aliases": [
"CVE-2016-2857"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-04-12T02:00:00Z",
"severity": "HIGH"
},
"details": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.",
"id": "GHSA-r736-2mvg-hchh",
"modified": "2022-05-13T01:07:28Z",
"published": "2022-05-13T01:07:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:2671"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:2704"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:2705"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:2706"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0083"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0309"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0334"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0344"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0350"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/84130"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2974-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-2857
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-2857",
"description": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.",
"id": "GSD-2016-2857",
"references": [
"https://www.suse.com/security/cve/CVE-2016-2857.html",
"https://access.redhat.com/errata/RHSA-2017:0350",
"https://access.redhat.com/errata/RHSA-2017:0344",
"https://access.redhat.com/errata/RHSA-2017:0334",
"https://access.redhat.com/errata/RHSA-2017:0309",
"https://access.redhat.com/errata/RHSA-2017:0083",
"https://access.redhat.com/errata/RHSA-2016:2706",
"https://access.redhat.com/errata/RHSA-2016:2705",
"https://access.redhat.com/errata/RHSA-2016:2704",
"https://access.redhat.com/errata/RHSA-2016:2671",
"https://access.redhat.com/errata/RHSA-2016:2670",
"https://ubuntu.com/security/CVE-2016-2857",
"https://advisories.mageia.org/CVE-2016-2857.html",
"https://linux.oracle.com/cve/CVE-2016-2857.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-2857"
],
"details": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.",
"id": "GSD-2016-2857",
"modified": "2023-12-13T01:21:19.539657Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ubuntu.com/usn/USN-2974-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-0309.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-0334.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-0344.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-0350.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-2670.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-2671.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-2704.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-2705.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-2706.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b",
"refsource": "MISC",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-0083.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2016/03/03/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"name": "http://www.openwall.com/lists/oss-security/2016/03/07/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"name": "http://www.securityfocus.com/bid/84130",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/84130"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2857"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"name": "[oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"name": "USN-2974-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "84130",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84130"
},
{
"name": "RHSA-2017:0350",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2017:0344",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"name": "RHSA-2017:0334",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "RHSA-2017:0309",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "RHSA-2017:0083",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"name": "RHSA-2016:2706",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "RHSA-2016:2705",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "RHSA-2016:2704",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"name": "RHSA-2016:2671",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "RHSA-2016:2670",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b",
"refsource": "MISC",
"tags": [],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8
}
},
"lastModifiedDate": "2023-02-12T23:17Z",
"publishedDate": "2016-04-12T02:00Z"
}
}
}
RHSA-2016:2670
Vulnerability from csaf_redhat - Published: 2016-11-07 18:14 - Updated: 2025-11-21 17:58Summary
Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386383)
Security Fix(es):
* An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)
Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
4.7 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
17 references
Acknowledgments
Alibaba Inc.
Donghai Zdh
Qihoo 360 Inc.
Ling Liu
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.\n\nThe following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386383)\n\nSecurity Fix(es):\n\n* An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)\n\nRed Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2670",
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "1374366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374366"
},
{
"category": "external",
"summary": "1386383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386383"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2670.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:58:33+00:00",
"generator": {
"date": "2025-11-21T17:58:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:2670",
"initial_release_date": "2016-11-07T18:14:27+00:00",
"revision_history": [
{
"date": "2016-11-07T18:14:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-07T18:14:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:58:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"product": {
"name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:8::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8817",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8817"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8818",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8818"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Ling Liu"
],
"organization": "Qihoo 360 Inc."
}
],
"cve": "CVE-2016-2857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1296567"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet\u0027s checksum, because a QEMU function used the packet\u0027s payload length without checking against the data buffer\u0027s size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: net: out of bounds read in net_checksum_calculate()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"category": "external",
"summary": "RHBZ#1296567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857"
}
],
"release_date": "2016-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: net: out of bounds read in net_checksum_calculate()"
}
]
}
RHSA-2016:2671
Vulnerability from csaf_redhat - Published: 2016-11-07 18:14 - Updated: 2025-11-21 17:58Summary
Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386385)
Security Fix(es):
* An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)
Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
4.7 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
17 references
Acknowledgments
Alibaba Inc.
Donghai Zdh
Qihoo 360 Inc.
Ling Liu
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.\n\nThe following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386385)\n\nSecurity Fix(es):\n\n* An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)\n\nRed Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2671",
"url": "https://access.redhat.com/errata/RHSA-2016:2671"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "1374365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374365"
},
{
"category": "external",
"summary": "1386385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386385"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2671.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:58:33+00:00",
"generator": {
"date": "2025-11-21T17:58:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:2671",
"initial_release_date": "2016-11-07T18:14:15+00:00",
"revision_history": [
{
"date": "2016-11-07T18:14:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-07T18:14:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:58:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 9.0",
"product": {
"name": "Red Hat OpenStack Platform 9.0",
"product_id": "7Server-RH7-RHOS-9.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
"product_id": "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
"product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src as a component of Red Hat OpenStack Platform 9.0",
"product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOS-9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
"product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
"product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
"product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-9.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8817",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8817"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2671"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8818",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8818"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2671"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Ling Liu"
],
"organization": "Qihoo 360 Inc."
}
],
"cve": "CVE-2016-2857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1296567"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet\u0027s checksum, because a QEMU function used the packet\u0027s payload length without checking against the data buffer\u0027s size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: net: out of bounds read in net_checksum_calculate()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"category": "external",
"summary": "RHBZ#1296567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857"
}
],
"release_date": "2016-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2671"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: net: out of bounds read in net_checksum_calculate()"
}
]
}
RHSA-2016:2704
Vulnerability from csaf_redhat - Published: 2016-11-14 19:44 - Updated: 2025-11-21 17:58Summary
Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386381)
Security Fix(es):
* An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)
Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
4.7 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
17 references
Acknowledgments
Alibaba Inc.
Donghai Zdh
Qihoo 360 Inc.
Ling Liu
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.\n\nThe following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386381)\n\nSecurity Fix(es):\n\n* An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)\n\nRed Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2704",
"url": "https://access.redhat.com/errata/RHSA-2016:2704"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "1374367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374367"
},
{
"category": "external",
"summary": "1386381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386381"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2704.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:58:36+00:00",
"generator": {
"date": "2025-11-21T17:58:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:2704",
"initial_release_date": "2016-11-14T19:44:07+00:00",
"revision_history": [
{
"date": "2016-11-14T19:44:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-14T19:44:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:58:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_id": "7Server-RH7-RHOS-7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_id": "7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_id": "7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_id": "7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOS-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_id": "7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_id": "7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"product_id": "7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-7.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8817",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8817"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T19:44:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2704"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8818",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8818"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T19:44:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2704"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Ling Liu"
],
"organization": "Qihoo 360 Inc."
}
],
"cve": "CVE-2016-2857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1296567"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet\u0027s checksum, because a QEMU function used the packet\u0027s payload length without checking against the data buffer\u0027s size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: net: out of bounds read in net_checksum_calculate()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"category": "external",
"summary": "RHBZ#1296567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857"
}
],
"release_date": "2016-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T19:44:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2704"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-7.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-7.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: net: out of bounds read in net_checksum_calculate()"
}
]
}
RHSA-2016:2705
Vulnerability from csaf_redhat - Published: 2016-11-14 20:03 - Updated: 2025-11-21 17:58Summary
Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386379)
Security Fix(es):
* An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)
Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
4.7 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
17 references
Acknowledgments
Alibaba Inc.
Donghai Zdh
Qihoo 360 Inc.
Ling Liu
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.\n\nThe following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386379)\n\nSecurity Fix(es):\n\n* An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)\n\nRed Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2705",
"url": "https://access.redhat.com/errata/RHSA-2016:2705"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "1374368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374368"
},
{
"category": "external",
"summary": "1386379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386379"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2705.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:58:36+00:00",
"generator": {
"date": "2025-11-21T17:58:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:2705",
"initial_release_date": "2016-11-14T20:03:43+00:00",
"revision_history": [
{
"date": "2016-11-14T20:03:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-14T20:03:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:58:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8817",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8817"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T20:03:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2705"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8818",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8818"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T20:03:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2705"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Ling Liu"
],
"organization": "Qihoo 360 Inc."
}
],
"cve": "CVE-2016-2857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1296567"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet\u0027s checksum, because a QEMU function used the packet\u0027s payload length without checking against the data buffer\u0027s size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: net: out of bounds read in net_checksum_calculate()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"category": "external",
"summary": "RHBZ#1296567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857"
}
],
"release_date": "2016-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T20:03:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2705"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-6.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-6.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: net: out of bounds read in net_checksum_calculate()"
}
]
}
RHSA-2016:2706
Vulnerability from csaf_redhat - Published: 2016-11-14 19:55 - Updated: 2025-11-21 17:58Summary
Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386377)
Security Fix(es):
* An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)
Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
4.7 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
17 references
Acknowledgments
Alibaba Inc.
Donghai Zdh
Qihoo 360 Inc.
Ling Liu
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.\n\nThe following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386377)\n\nSecurity Fix(es):\n\n* An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)\n\nRed Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2706",
"url": "https://access.redhat.com/errata/RHSA-2016:2706"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "1374369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374369"
},
{
"category": "external",
"summary": "1386377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386377"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2706.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:58:36+00:00",
"generator": {
"date": "2025-11-21T17:58:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:2706",
"initial_release_date": "2016-11-14T19:55:21+00:00",
"revision_history": [
{
"date": "2016-11-14T19:55:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-14T19:55:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:58:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8817",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8817"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T19:55:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2706"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8818",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8818"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T19:55:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2706"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Ling Liu"
],
"organization": "Qihoo 360 Inc."
}
],
"cve": "CVE-2016-2857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1296567"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet\u0027s checksum, because a QEMU function used the packet\u0027s payload length without checking against the data buffer\u0027s size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: net: out of bounds read in net_checksum_calculate()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"category": "external",
"summary": "RHBZ#1296567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857"
}
],
"release_date": "2016-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-14T19:55:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2706"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-5.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-5.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: net: out of bounds read in net_checksum_calculate()"
}
]
}
RHSA-2016_2670
Vulnerability from csaf_redhat - Published: 2016-11-07 18:14 - Updated: 2024-11-14 19:58Summary
Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.
The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386383)
Security Fix(es):
* An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)
Red Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).
4.0 ()
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
4.7 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
17 references
Acknowledgments
Alibaba Inc.
Donghai Zdh
Qihoo 360 Inc.
Ling Liu
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.\n\nThe following packages have been upgraded to a newer upstream version: qemu-kvm-rhev (2.6.0). (BZ#1386383)\n\nSecurity Fix(es):\n\n* An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service). (CVE-2015-8817, CVE-2015-8818)\n\nRed Hat would like to thank Donghai Zdh of Alibaba Inc. for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2670",
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "1374366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374366"
},
{
"category": "external",
"summary": "1386383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386383"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2670.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T19:58:43+00:00",
"generator": {
"date": "2024-11-14T19:58:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:2670",
"initial_release_date": "2016-11-07T18:14:27+00:00",
"revision_history": [
{
"date": "2016-11-07T18:14:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-07T18:14:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T19:58:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"product": {
"name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:8::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_id": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.6.0-27.el7?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_id": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.6.0-27.el7?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.src as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
"product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
},
"product_reference": "qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-8.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8817",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8817"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8817"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Donghai Zdh"
],
"organization": "Alibaba Inc."
}
],
"cve": "CVE-2015-8818",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300771"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds flaw was found in the QEMU emulator built using \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: OOB access in address_space_rw leads to segmentation fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8818"
},
{
"category": "external",
"summary": "RHBZ#1300771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8818"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: OOB access in address_space_rw leads to segmentation fault"
},
{
"acknowledgments": [
{
"names": [
"Ling Liu"
],
"organization": "Qihoo 360 Inc."
}
],
"cve": "CVE-2016-2857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1296567"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet\u0027s checksum, because a QEMU function used the packet\u0027s payload length without checking against the data buffer\u0027s size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: net: out of bounds read in net_checksum_calculate()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2857"
},
{
"category": "external",
"summary": "RHBZ#1296567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2857"
}
],
"release_date": "2016-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-07T18:14:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.src",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.6.0-27.el7.x86_64",
"7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.6.0-27.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Qemu: net: out of bounds read in net_checksum_calculate()"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…