Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-2392

Опубликовано: 16 июн. 2016
Источник: nvd
CVSS3: 6.5
CVSS2: 2.1
EPSS Низкий

Описание

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

Комментарий

CWE-476: NULL Pointer Dereference

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:2.5.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 25%
0.00086
Низкий

6.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2016-2392

CVSS3: 6.5
ubuntu
больше 9 лет назад

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

redhat логотип

CVE-2016-2392

redhat
почти 10 лет назад

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

debian логотип

CVE-2016-2392

CVSS3: 6.5
debian
больше 9 лет назад

The is_rndis function in the USB Net device emulator (hw/usb/dev-netwo ...

github логотип

GHSA-858x-x5xv-4rpm

CVSS3: 6.5
github
больше 3 лет назад

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

suse-cvrf логотип

SUSE-SU-2016:2628-1

suse-cvrf
больше 9 лет назад

Security update for kvm

EPSS

Процентиль: 25%
0.00086
Низкий

6.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-Other