Risk | High |
Patch available | NO |
Number of vulnerabilities | 36 |
CVE-ID | CVE-2015-8345 CVE-2015-8619 CVE-2015-8504 CVE-2015-8568 CVE-2015-8613 CVE-2015-8666 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9921 CVE-2016-9923 CVE-2016-7466 CVE-2016-7422 CVE-2016-7421 CVE-2016-7170 CVE-2016-7157 CVE-2016-7156 CVE-2016-7155 CVE-2016-7116 CVE-2016-6888 CVE-2016-6836 CVE-2016-6835 CVE-2016-6834 CVE-2016-6833 CVE-2016-6490 CVE-2016-4964 CVE-2016-8669 CVE-2016-8667 CVE-2016-7423 CVE-2015-8558 CVE-2016-1568 CVE-2015-5158 CVE-2015-7295 CVE-2015-4106 CVE-2014-5388 |
CWE-ID | CWE-399 CWE-787 CWE-20 CWE-401 CWE-121 CWE-119 CWE-400 CWE-200 CWE-369 CWE-416 CWE-476 CWE-125 CWE-22 CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | QEMU (Client/Desktop applications / Virtualization software) |
Vendor | QEMU |
Security Bulletin
This security bulletin contains information about 36 vulnerabilities.
EUVDB-ID: #VU39187
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8345
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local authenticated user to crash the entire system.
The eepro100 emulator in QEMU (qemu-kvm) allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/11/25/11
http://www.securityfocus.com/bid/77985
http://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
http://security.gentoo.org/glsa/201602-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39188
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8619
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/12/23/1
http://www.securityfocus.com/bid/79668
http://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
http://security.gentoo.org/glsa/201604-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39210
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8504
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
QEMU, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8
http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/12/08/7
http://www.securityfocus.com/bid/78708
http://bugzilla.redhat.com/show_bug.cgi?id=1289541
http://security.gentoo.org/glsa/201602-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39211
Risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2015-8568
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in QEMU when built with VMware VMXNET3 paravirtual NIC emulator support, which allows local guest users to cause a denial of service (host memory consumption) by repeatedly trying to activate the vmxnet3 device. A remote attacker can perform a denial of service attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/12/15/10
http://www.securityfocus.com/bid/79721
http://bugzilla.redhat.com/show_bug.cgi?id=1289816
http://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
http://security.gentoo.org/glsa/201602-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39212
Risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2015-8613
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a crafted SCSI controller CTRL_GET_INFO command. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/12/22/1
http://www.securityfocus.com/bid/79719
http://bugzilla.redhat.com/show_bug.cgi?id=1284008
http://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
http://security.gentoo.org/glsa/201604-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39213
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8666
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local privileged user to crash the entire system.
A heap-based buffer overflow exists in QEMU when built with the Q35-chipset-based PC system emulator.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu-project.org/?p=qemu.git;a=commit;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
http://www.openwall.com/lists/oss-security/2015/12/24/1
http://www.securityfocus.com/bid/79670
http://bugzilla.redhat.com/show_bug.cgi?id=1283722
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://security.gentoo.org/glsa/201602-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39962
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9907
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a local authenticated user to crash the entire system.
Quick Emulator (QEMU) built with USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in a DoS for the host.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.openwall.com/lists/oss-security/2016/12/08/3
http://www.securityfocus.com/bid/94759
http://access.redhat.com/errata/RHSA-2017:2392
http://access.redhat.com/errata/RHSA-2017:2408
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://security.gentoo.org/glsa/201701-49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39963
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9908
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local authenticated user to gain access to sensitive information.
Quick Emulator (QEMU) built with Virtio GPU device emulator support is vulnerable to an information leakage issue. It could occur while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak the contents of host memory bytes.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.openwall.com/lists/oss-security/2016/12/08/4
http://www.securityfocus.com/bid/94761
http://security.gentoo.org/glsa/201701-49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39964
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9911
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a local authenticated user to crash the entire system.
Quick Emulator (QEMU) built with USB EHCI emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in a DoS for the host.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.openwall.com/lists/oss-security/2016/12/08/5
http://www.securityfocus.com/bid/94762
http://access.redhat.com/errata/RHSA-2017:2392
http://access.redhat.com/errata/RHSA-2017:2408
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://security.gentoo.org/glsa/201701-49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39965
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9912
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a local authenticated user to crash the entire system.
Quick Emulator (QEMU) built with Virtio GPU device emulator support is vulnerable to a memory leakage issue. It could occur while destroying a GPU resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in a DoS for the host.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.openwall.com/lists/oss-security/2016/12/08/6
http://www.securityfocus.com/bid/94760
http://security.gentoo.org/glsa/201701-49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39966
Risk: Medium
CVSSv3.1: 6.0 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-9921
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero error when the Cirrus graphics mode is set to VGA. A privileged user inside the guest could use this flaw to crash the QEMU process instance on the host, resulting in a DoS. A remote attacker can pass a specially crafted file to the application and crash it.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.openwall.com/lists/oss-security/2016/12/09/1
http://www.securityfocus.com/bid/94803
http://access.redhat.com/errata/RHSA-2017:2392
http://access.redhat.com/errata/RHSA-2017:2408
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://security.gentoo.org/glsa/201701-49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39967
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9923
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local authenticated user to crash the entire system.
Quick Emulator (QEMU) built with 'chardev' backend support is vulnerable to a use-after-free issue. It could occur while hotplugging and unplugging the device in the guest. A guest user/process could use this flaw to crash a QEMU process on the host, resulting in a DoS.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://www.openwall.com/lists/oss-security/2016/12/09/2
http://www.securityfocus.com/bid/94827
http://security.gentoo.org/glsa/201701-49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39979
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-7466
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) when the xHCI controller uses MSI-X, which allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. A remote attacker can perform a denial of service attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
http://www.openwall.com/lists/oss-security/2016/09/19/8
http://www.openwall.com/lists/oss-security/2016/09/20/3
http://www.securityfocus.com/bid/93029
http://access.redhat.com/errata/RHSA-2017:2392
http://access.redhat.com/errata/RHSA-2017:2408
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html
http://security.gentoo.org/glsa/201611-11
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39980
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-7422
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a large I/O descriptor buffer length value.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=973e7170dddefb491a48df5cba33b2ae151013a0
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
http://www.openwall.com/lists/oss-security/2016/09/16/10
http://www.openwall.com/lists/oss-security/2016/09/16/4
http://www.securityfocus.com/bid/92996
http://access.redhat.com/errata/RHSA-2017:2392
http://access.redhat.com/errata/RHSA-2017:2408
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39981
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7421
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the process IO loop to the ring size.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=d251157ac1928191af851d199a9ff255d330bec9
http://www.openwall.com/lists/oss-security/2016/09/16/3
http://www.openwall.com/lists/oss-security/2016/09/16/9
http://www.securityfocus.com/bid/92998
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39982
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7170
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
http://www.openwall.com/lists/oss-security/2016/09/09/4
http://www.openwall.com/lists/oss-security/2016/09/09/7
http://www.securityfocus.com/bid/92904
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39983
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7157
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d
http://www.openwall.com/lists/oss-security/2016/09/06/4
http://www.openwall.com/lists/oss-security/2016/09/07/3
http://www.securityfocus.com/bid/92775
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39984
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7156
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8
http://www.openwall.com/lists/oss-security/2016/09/06/3
http://www.openwall.com/lists/oss-security/2016/09/07/2
http://www.securityfocus.com/bid/92774
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39985
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7155
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
Mitigation
Install update from vendor's website.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753
http://www.openwall.com/lists/oss-security/2016/09/06/2
http://www.openwall.com/lists/oss-security/2016/09/07/1
http://www.securityfocus.com/bid/92772
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39986
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-7116
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in hw/9pfs/9p.c in QEMU (aka Quick Emulator). A remote authenticated attacker can send a specially crafted HTTP request, and local guest OS administrators can access host files outside the export path via a .. (dot dot) in an unspecified string.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
QEMU: All versions
CPE2.3
External links
http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
http://www.openwall.com/lists/oss-security/2016/08/30/1
http://www.openwall.com/lists/oss-security/2016/08/30/3
http://www.securityfocus.com/bid/92680
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39987
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-6888
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
http://www.openwall.com/lists/oss-security/2016/08/19/10
http://www.openwall.com/lists/oss-security/2016/08/19/6
http://www.securityfocus.com/bid/92556
http://access.redhat.com/errata/RHSA-2017:2392
http://access.redhat.com/errata/RHSA-2017:2408
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39988
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6836
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local privileged user to gain access to sensitive information.
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf
http://www.openwall.com/lists/oss-security/2016/08/11/5
http://www.openwall.com/lists/oss-security/2016/08/18/5
http://www.securityfocus.com/bid/92444
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39989
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6835
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local privileged user to crash the entire system.
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check the IP header length.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=93060258ae748573ca7197204125a2670047896d
http://www.openwall.com/lists/oss-security/2016/08/11/7
http://www.openwall.com/lists/oss-security/2016/08/18/4
http://access.redhat.com/errata/RHSA-2017:2392
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39990
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6834
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
http://www.openwall.com/lists/oss-security/2016/08/11/8
http://www.openwall.com/lists/oss-security/2016/08/18/7
http://www.securityfocus.com/bid/92446
http://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39991
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6833
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
http://www.openwall.com/lists/oss-security/2016/08/12/1
http://www.openwall.com/lists/oss-security/2016/08/18/3
http://www.securityfocus.com/bid/93255
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39992
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6490
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=1e7aed70144b4673fc26e73062064b6724795e5f
http://www.openwall.com/lists/oss-security/2016/07/28/4
http://www.openwall.com/lists/oss-security/2016/07/28/9
http://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU39993
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4964
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local privileged user to crash the entire system.
The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=06630554ccbdd25780aa03c3548aaff1eb56dffd
http://www.openwall.com/lists/oss-security/2016/05/24/4
http://www.openwall.com/lists/oss-security/2016/05/24/7
http://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
http://security.gentoo.org/glsa/201609-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40050
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-8669
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description: The vulnerability allows a local privileged user to crash the entire system.
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a divider value greater than the baud base.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
http://www.openwall.com/lists/oss-security/2016/10/14/9
http://www.openwall.com/lists/oss-security/2016/10/15/5
http://www.securityfocus.com/bid/93563
http://access.redhat.com/errata/RHSA-2017:2392
http://access.redhat.com/errata/RHSA-2017:2408
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://security.gentoo.org/glsa/201611-11
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40051
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-8667
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description: The vulnerability allows a local privileged user to crash the entire system.
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
http://www.openwall.com/lists/oss-security/2016/10/14/6
http://www.openwall.com/lists/oss-security/2016/10/15/4
http://www.securityfocus.com/bid/93567
http://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40074
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7423
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
http://www.openwall.com/lists/oss-security/2016/09/16/11
http://www.openwall.com/lists/oss-security/2016/09/16/5
http://www.securityfocus.com/bid/92997
http://bugzilla.redhat.com/show_bug.cgi?id=1376776
http://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
http://security.gentoo.org/glsa/201611-11
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40267
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/12/14/16
http://www.openwall.com/lists/oss-security/2015/12/14/9
http://www.securityfocus.com/bid/80694
http://bugzilla.redhat.com/show_bug.cgi?id=1277983
http://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html
http://security.gentoo.org/glsa/201602-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40395
Risk: High
CVSSv3.1: 7.8 [AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-1568
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows guest OS users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=4ab0359a8ae182a7ac5c99609667273167703fab
http://rhn.redhat.com/errata/RHSA-2016-0084.html
http://rhn.redhat.com/errata/RHSA-2016-0086.html
http://rhn.redhat.com/errata/RHSA-2016-0087.html
http://rhn.redhat.com/errata/RHSA-2016-0088.html
http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2016/01/09/1
http://www.openwall.com/lists/oss-security/2016/01/09/2
http://www.securityfocus.com/bid/80191
http://www.securitytracker.com/id/1034859
http://security.gentoo.org/glsa/201602-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40396
Risk: Medium
CVSSv3.1: 5.4 [AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2015-5158
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an invalid opcode in a SCSI command descriptor block. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://www.securityfocus.com/bid/76016
http://www.securitytracker.com/id/1033095
http://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html
http://security.gentoo.org/glsa/201510-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40605
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-7295
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to cause service disruption.
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html
http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/09/18/5
http://www.openwall.com/lists/oss-security/2015/09/18/9
http://www.securityfocus.com/bid/82672
http://security.gentoo.org/glsa/201602-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40723
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-4106
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
http://support.citrix.com/article/CTX201145
http://www.debian.org/security/2015/dsa-3284
http://www.debian.org/security/2015/dsa-3286
http://www.securityfocus.com/bid/74949
http://www.securitytracker.com/id/1032467
http://www.ubuntu.com/usn/USN-2630-1
http://xenbits.xen.org/xsa/advisory-131.html
http://security.gentoo.org/glsa/201604-03
http://support.citrix.com/article/CTX206006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU41104
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-5388
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
QEMU: All versions
CPE2.3:
External links:
http://git.qemu.org/?p=qemu.git;a=commit;h=fa365d7cd11185237471823a5a33d36765454e16
http://seclists.org/oss-sec/2014/q3/438
http://seclists.org/oss-sec/2014/q3/440
http://www.ubuntu.com/usn/USN-2409-1
http://bugzilla.redhat.com/show_bug.cgi?id=1132956
http://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into opening a specially crafted file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.