
CVE-2016-5403

Published: 27 Jul 2016
Source: redhat
CVSS3: 3.4
CVSS2: 2.3
EPSS: Low

Description

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing each request allocates a VirtQueueElement, which results in unbounded memory allocation on the host, controlled by the guest.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kvm | Affected | | |
| Red Hat Enterprise Linux 5 | xen | Will not fix | | |
| Red Hat Enterprise Linux 6 | qemu-kvm-rhev | Affected | | |
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Not affected | | |
| Red Hat Enterprise Linux 5 | kvm | Fixed | RHSA-2016:1943 | 27.09.2016 |
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2016:1585 | 09.08.2016 |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2016:1606 | 11.08.2016 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | qemu-kvm-rhev | Fixed | RHSA-2016:1652 | 23.08.2016 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2016:1655 | 23.08.2016 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2016:1654 | 23.08.2016 |


Additional information

Status: Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1358359 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

EPSS: 0.00066 (Low), percentile: 21%
CVSS3: 3.4 Low
CVSS2: 2.3 Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 9 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

CVSS3: 5.5
nvd
more than 9 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

CVSS3: 5.5
debian
more than 9 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...

CVSS3: 5.5
github
more than 3 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

oracle-oval
more than 9 years ago

ELSA-2016-1585: qemu-kvm security update (MODERATE)
