CVE-2016-7155
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.6 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
25.9%
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qemu:qemu | qemu | le | 2.7.1 |
| debian:debian_linux | debian debian linux | eq | 8.0 |
References
git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753
www.openwall.com/lists/oss-security/2016/09/06/2
www.openwall.com/lists/oss-security/2016/09/07/1
www.securityfocus.com/bid/92772
lists.debian.org/debian-lts-announce/2018/11/msg00038.html
lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
Social References
More
Related
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.6 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
25.9%