Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2841

Опубликовано: 02 фев. 2016
Источник: redhat
CVSS2: 2.3
EPSS Низкий

Описание

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

An infinite-loop flaw was found in the QEMU emulator built with NE2000 NIC emulation support. The flaw could occur when receiving packets over the network. A privileged user inside a guest could exploit this flaw to crash the QEMU instance (denial of service).

Отчет

This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmWill not fix
Red Hat Enterprise Linux 5xenWill not fix
Red Hat Enterprise Linux 6qemu-kvmWill not fix
Red Hat Enterprise Linux 6qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux 7qemu-kvmWill not fix
Red Hat Enterprise Linux 7qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 8 (Liberty)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1303106Qemu: net: ne2000: infinite loop in ne2000_receive

EPSS

Процентиль: 19%
0.00061
Низкий

2.3 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2841

CVSS3: 6
ubuntu
больше 9 лет назад

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

nvd логотип

CVE-2016-2841

CVSS3: 6
nvd
больше 9 лет назад

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

debian логотип

CVE-2016-2841

CVSS3: 6
debian
больше 9 лет назад

The ne2000_receive function in the NE2000 NIC emulation support (hw/ne ...

github логотип

GHSA-fvfw-92qr-62hm

CVSS3: 6
github
больше 3 лет назад

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

suse-cvrf логотип

SUSE-SU-2016:1154-1

suse-cvrf
почти 10 лет назад

Security update for xen

EPSS

Процентиль: 19%
0.00061
Низкий

2.3 Low

CVSS2