CVE-2016-5403
Published: 2 August 2016
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
Notes
Author | Note |
---|---|
mdeslaur | the patch for this CVE introduced a regression and was later reverted pending investigation. See LP: #1612089. proposed regression fixes: http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg01038.html http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02666.html |
Priority
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Released
(2.0.0+dfsg-2ubuntu1.30)
|
|
upstream |
Needs triage
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Released
(1:2.5+dfsg-5ubuntu10.6)
|
|
yakkety |
Released
(1:2.6.1+dfsg-0ubuntu5.1)
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=afd9096eb1882f23929f5b5c177898ed231bac66 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=bccdef6b1a204db0f41ffb6e24ce373e4d7890d4 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=58a83c61496eeb0d31571a07a51bc1947e3379ac upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=4b7f91ed0270a371e1933efa21ba600b6da23ab9 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=104e70cae78bd4afd95d948c6aff188f10508a9c |
||
qemu-kvm Launchpad, Ubuntu, Debian |
precise |
Released
(1.0+noroms-0ubuntu14.31)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
xen Launchpad, Ubuntu, Debian |
precise |
Released
(4.1.6.1-0ubuntu0.12.04.12)
|
trusty |
Released
(4.4.2-0ubuntu0.14.04.7)
|
|
upstream |
Needs triage
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(uses system qemu)
|
|
yakkety |
Not vulnerable
(uses system qemu)
|
|
Binaries built from this source package are in Universe and so are supported by the community. |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |