Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-7907
HistoryOct 05, 2016 - 12:00 a.m.

CVE-2016-7907

2016-10-0500:00:00
ubuntu.com
ubuntu.com
22

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%

The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator)
does not properly limit the buffer descriptor count when transmitting
packets, which allows local guest OS administrators to cause a denial of
service (infinite loop and QEMU process crash) via vectors involving a
buffer descriptor with a length of 0 and crafted values in bd.flags.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchqemu< 1:2.5+dfsg-5ubuntu10.11UNKNOWN
ubuntu16.10noarchqemu< 1:2.6.1+dfsg-0ubuntu5.4UNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%