CVE-2016-1981

MEDIUM

QEMU - DoS

Title source: llm
STIX 2.1

Description

QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.

References (10)

Core 10
Core References
Patch, Vendor Advisory mailing-list x_refsource_mlist
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201604-01
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3469
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3470
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/01/19/10
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1298570
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/01/22/1
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2585.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3471
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/81549

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 19.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (3)
debian/debian_linux 7.0
debian/debian_linux 8.0
qemu/qemu < 2.5.1.1
Published Dec 29, 2016
Tracked Since Feb 18, 2026