CVE-2016-7907

EPSS 0.11%
Published 05.10.2016 16:59:10
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version <= 2.8.1.1

Qemu ≫ Qemu Version2.9.0 Updaterc0

Qemu ≫ Qemu Version2.9.0 Updaterc1

Qemu ≫ Qemu Version2.9.0 Updaterc2

Qemu ≫ Qemu Version2.9.0 Updaterc3

Qemu ≫ Qemu Version2.9.0 Updaterc4

Qemu ≫ Qemu Version2.9.0 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.304

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/201611-11

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/10/03/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2016/10/03/4

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/93274