4.9

CVE-2016-7909

The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.7.1
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.334
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201611-11
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/03/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/10/03/6
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/93275
Third Party Advisory
VDB Entry
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
Patch
Vendor Advisory
Mailing List