Linux Distros Unpatched Vulnerability : CVE-2016-2392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects,...

SUSE: Security Advisory (SUSE-SU-2016:2628-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2589-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2781-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : qemu (SUSE-SU-2016:2781-1)

qemu was updated to fix 21 security issues. These security issues were fixed : - CVE-2014-5388: Off-by-one error in the pciread function in the ACPI PCI hotplug interface hw/acpi/pcihp.c in QEMU allowed local guest users to obtain sensitive information and have other unspecified impact related to...

openSUSE Security Update : qemu (openSUSE-2016-1234)

qemu was updated to fix 19 security issues. These security issues were fixed : - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...

Security update for qemu (important)

qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...

SUSE SLES11 Security Update : kvm (SUSE-SU-2016:2628-1)

kvm was updated to fix 16 security issues. These security issues were fixed : - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. bsc944697. - CVE-2016-2391: Th...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:2589-1)

qemu was updated to fix 19 security issues. These security issues were fixed : - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...

SUSE-SU-2016:2589-1 Security update for qemu

qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...

CVE-2016-2392

The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via vectors...

CVE-2016-2392

CVE-2016-2392 : QEMU’s USB Net device emulator (hw/usb/dev-network.c) before 2.5.1 fails to validate USB configuration descriptor objects, enabling a local privileged/disguised administrator to trigger a NULL pointer dereference and crash the QEMU process via remote NDIS control messages. Affecte...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-2974-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2974-1 advisory. Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue t...

USN-2974-1: QEMU vulnerabilities

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-2391 Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A...

openSUSE Security Update : xen (openSUSE-2016-439)

xen was updated to version 4.4.4 to fix 33 security issues. These security issues were fixed : - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling bsc967012. - CVE-2015-5239: Integer overflow in vncclientread and protocolclientmsg bsc944463. - CVE-2016-2270: Xen...

Fedora 22 : qemu-2.3.1-13.fc22 (2016-bfaf6a133b)

CVE-2016-2538: Integer overflow in usb module bz 1305815 CVE-2016-2841: ne2000: infinite loop bz 1304047 CVE-2016-2857: net: out of bounds read bz 1309564 CVE-2016-2392: usb: NULL pointer dereference bz 1307115 spice: fix spicechraddwatch crash bz 1315049 Note that Tenable Network Security has...

openSUSE: Security Advisory for xen (openSUSE-SU-2016:0995-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for xen (important)

xen was updated to version 4.4.4 to fix 33 security issues. These security issues were fixed: - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling bsc967012. - CVE-2015-5239: Integer overflow in vncclientread and protocolclientmsg bsc944463. - CVE-2016-2270: Xen allow...

GLSA-201604-01 : QEMU: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201604-01 QEMU: Multiple vulnerabilities Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : Local users within a guest QEMU environment can execute...

Fedora 24 : qemu-2.5.0-10.fc24 (2016-1b264ab4a4)

CVE-2016-2538: Integer overflow in usb module bz 1305815 CVE-2016-2841: ne2000: infinite loop bz 1304047 CVE-2016-2857: net: out of bounds read bz 1309564 CVE-2016-2392: usb: NULL pointer dereference bz 1307115 Fix external snapshot any more after active committing bz 1300209 Note that Tenable...