4.4

CVE-2016-7421

The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.7.1
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.321
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201609-01
Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d251157ac1928191af851d199a9ff255d330bec9
http://www.openwall.com/lists/oss-security/2016/09/16/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/09/16/9
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/92998
Third Party Advisory
VDB Entry
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
Patch
Third Party Advisory