CVE-2016-9914
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
25.6%
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qemu:qemu | qemu | le | 2.7.1 |
| qemu:qemu | qemu | eq | 2.8.0 |
| debian:debian_linux | debian debian linux | eq | 8.0 |
References
git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d
www.openwall.com/lists/oss-security/2016/12/06/11
www.openwall.com/lists/oss-security/2016/12/08/7
www.securityfocus.com/bid/94729
lists.debian.org/debian-lts-announce/2018/09/msg00007.html
lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
security.gentoo.org/glsa/201701-49
Social References
More
Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
25.6%