CVE-2016-1981

MEDIUM

QEMU - DoS

Title source: llm

Description

QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.

References (10)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-2585.html

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3469

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3470

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3471

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/01/19/10

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/01/22/1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/81549

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1298570

[Patch, Vendor Advisory] https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html

[Third Party Advisory] https://security.gentoo.org/glsa/201604-01

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-835

Status published

Affected Products (4)

qemu/qemu < 2.5.1.1

debian/debian_linux

debian/debian_linux

n/a/n/a

Timeline

Published Dec 29, 2016

Tracked Since Feb 18, 2026