6
CVE-2016-8576
- EPSS 0.39%
- Veröffentlicht 04.11.2016 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Virtualization Version4.0
Debian ≫ Debian Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.303 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 1.5 | 4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/errata/RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2408
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
https://security.gentoo.org/glsa/201611-11
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce
http://www.openwall.com/lists/oss-security/2016/10/10/12
http://www.openwall.com/lists/oss-security/2016/10/10/6
http://www.securityfocus.com/bid/93469
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html