PublicDateAtUSN: 2016-12-29 Candidate: CVE-2016-9915 PublicDate: 2016-12-29 22:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9915 https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html http://www.openwall.com/lists/oss-security/2016/12/06/11 https://ubuntu.com/security/notices/USN-3261-1 Description: Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. Ubuntu-Description: Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847496 Priority: low Discovered-by: Li Qiang Assigned-to: CVSS: nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H [6.5 MEDIUM] nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H [6.5 MEDIUM] Patches_qemu-kvm: upstream_qemu-kvm: needed precise_qemu-kvm: ignored (reached end-of-life) precise/esm_qemu-kvm: ignored (end of ESM support, was needed) trusty_qemu-kvm: DNE trusty/esm_qemu-kvm: DNE vivid/ubuntu-core_qemu-kvm: DNE vivid/stable-phone-overlay_qemu-kvm: DNE xenial_qemu-kvm: DNE yakkety_qemu-kvm: DNE zesty_qemu-kvm: DNE artful_qemu-kvm: DNE bionic_qemu-kvm: DNE cosmic_qemu-kvm: DNE disco_qemu-kvm: DNE eoan_qemu-kvm: DNE focal_qemu-kvm: DNE groovy_qemu-kvm: DNE hirsute_qemu-kvm: DNE devel_qemu-kvm: DNE Patches_qemu: upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 upstream_qemu: needed precise_qemu: DNE precise/esm_qemu: DNE trusty_qemu: released (2.0.0+dfsg-2ubuntu1.33) trusty/esm_qemu: released (2.0.0+dfsg-2ubuntu1.33) vivid/ubuntu-core_qemu: DNE vivid/stable-phone-overlay_qemu: DNE xenial_qemu: released (1:2.5+dfsg-5ubuntu10.11) esm-infra/xenial_qemu: released (1:2.5+dfsg-5ubuntu10.11) yakkety_qemu: released (1:2.6.1+dfsg-0ubuntu5.4) zesty_qemu: not-affected (1:2.8+dfsg-3ubuntu2) artful_qemu: not-affected (1:2.8+dfsg-3ubuntu2) bionic_qemu: not-affected (1:2.8+dfsg-3ubuntu2) cosmic_qemu: not-affected (1:2.8+dfsg-3ubuntu2) disco_qemu: not-affected (1:2.8+dfsg-3ubuntu2) eoan_qemu: not-affected (1:2.8+dfsg-3ubuntu2) focal_qemu: not-affected (1:2.8+dfsg-3ubuntu2) groovy_qemu: not-affected (1:2.8+dfsg-3ubuntu2) hirsute_qemu: not-affected (1:2.8+dfsg-3ubuntu2) devel_qemu: not-affected (1:2.8+dfsg-3ubuntu2)