CVE-2016-2391

MEDIUM

Qemu < 2.5.1.1 - NULL Pointer Dereference

Title source: rule

Description

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

References (7)

Scores

CVSS v3 5.0
EPSS 0.0005
EPSS Percentile 16.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-476
Status draft

Affected Products (6)

qemu/qemu < 2.5.1.1
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux

Timeline

Published Jun 16, 2016
Tracked Since Feb 18, 2026