6

CVE-2016-7466

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.7.1
OpensuseLeap Version42.2
RedhatOpenstack Version6.0
RedhatOpenstack Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
RedhatVirtualization Version4.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.266
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 1.5 4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:N/A:P
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.securityfocus.com/bid/93029
Third Party Advisory
VDB Entry