CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
28.2%
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest
OS administrators to cause a denial of service (memory consumption and QEMU
process crash) by submitting requests without waiting for completion.
Author | Note |
---|---|
mdeslaur | the patch for this CVE introduced a regression and was later reverted pending investigation. See LP: #1612089. proposed regression fixes: http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg01038.html http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02666.html |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | qemu | < 2.0.0+dfsg-2ubuntu1.30 | UNKNOWN |
ubuntu | 16.04 | noarch | qemu | < 1:2.5+dfsg-5ubuntu10.6 | UNKNOWN |
ubuntu | 16.10 | noarch | qemu | < 1:2.6.1+dfsg-0ubuntu5.1 | UNKNOWN |
ubuntu | 12.04 | noarch | qemu-kvm | < 1.0+noroms-0ubuntu14.31 | UNKNOWN |
ubuntu | 12.04 | noarch | xen | < 4.1.6.1-0ubuntu0.12.04.12 | UNKNOWN |
ubuntu | 14.04 | noarch | xen | < 4.4.2-0ubuntu0.14.04.7 | UNKNOWN |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
28.2%