CVE-2016-8576
MEDIUM
QEMU < 2.7.1 - Denial of Service via Unlimited xHCI TRB Processing
Title source: llm
Description
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
References (10)
Core References
Patch, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201611-11
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/10/10/6
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2392
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/10/10/12
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2408
Patch x_refsource_confirm
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93469
Scores
CVSS v3
6.0
EPSS
0.0011
EPSS Percentile
29.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (10)
debian/debian_linux
8.0
opensuse/leap
42.2
qemu/qemu
< 2.7.1
redhat/openstack
6.0
redhat/openstack
7.0
redhat/openstack
8
redhat/openstack
9
redhat/openstack
10
redhat/openstack
11
redhat/virtualization
4.0
Published
Nov 04, 2016
Tracked Since
Feb 18, 2026