6.5

CVE-2016-2858

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.5.1.1
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.313
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2 4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:N/A:P
CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

https://security.gentoo.org/glsa/201604-01
Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956
http://www.openwall.com/lists/oss-security/2016/03/04/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/03/07/4
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/84134
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2974-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1314676
Patch
Third Party Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
Third Party Advisory
Mailing List