Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2197

Опубликовано: 28 янв. 2016
Источник: redhat
CVSS2: 2.3
EPSS Низкий

Описание

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.

A NULL pointer dereference flaw was found in the QEMU emulator built with IDE AHCI emulation support. The flaw occurs when unmapping the Frame Information Structure(FIS) & Command List Block(CLB) entries. A privileged user inside a guest could use this flaw to crash the QEMU process instance (denial of service).

Отчет

This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 6qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevWill not fix
Red Hat OpenStack Platform 8 (Liberty)qemu-kvm-rhevWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1302057Qemu: ide: ahci null pointer dereference when using FIS CLB engines

EPSS

Процентиль: 30%
0.00111
Низкий

2.3 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2197

CVSS3: 5.5
ubuntu
около 9 лет назад

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.

nvd логотип

CVE-2016-2197

CVSS3: 5.5
nvd
около 9 лет назад

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.

debian логотип

CVE-2016-2197

CVSS3: 5.5
debian
около 9 лет назад

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is ...

github логотип

GHSA-ph2m-74p3-x4w9

CVSS3: 5.5
github
больше 3 лет назад

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.

suse-cvrf логотип

openSUSE-SU-2016:1750-1

suse-cvrf
больше 9 лет назад

Security update for qemu

EPSS

Процентиль: 30%
0.00111
Низкий

2.3 Low

CVSS2