ID UB:CVE-2016-9915 Type ubuntucve Reporter ubuntu.com Modified 2016-12-29T00:00:00
Description
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows
local privileged guest OS users to cause a denial of service (host memory
consumption and possibly QEMU process crash) by leveraging a missing
cleanup operation in the handle backend.
{"cve": [{"lastseen": "2022-03-23T16:44:34", "description": "Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2016-12-29T22:59:00", "type": "cve", "title": "CVE-2016-9915", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9915"], "modified": "2020-11-10T18:44:00", "cpe": ["cpe:/a:qemu:qemu:2.8.0", "cpe:/a:qemu:qemu:2.7.1", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2016-9915", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9915", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:qemu:qemu:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-05-15T19:34:29", "description": "Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged 
guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2016-12-29T22:59:00", "type": "debiancve", "title": "CVE-2016-9915", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9915"], "modified": "2016-12-29T22:59:00", "id": "DEBIANCVE:CVE-2016-9915", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9915", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "redhatcve": [{"lastseen": "2021-09-02T22:52:23", "description": "Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": 
"LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-08T07:48:10", "type": "redhatcve", "title": "CVE-2016-9915", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916"], "modified": "2020-08-18T14:40:52", "id": "RH:CVE-2016-9915", "href": "https://access.redhat.com/security/cve/cve-2016-9915", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:52:23", "description": "Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-08T07:48:15", "type": "redhatcve", "title": "CVE-2016-9914", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916"], "modified": "2020-08-18T14:40:46", "id": "RH:CVE-2016-9914", "href": "https://access.redhat.com/security/cve/cve-2016-9914", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:52:26", "description": "Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-08T07:47:43", "type": "redhatcve", "title": "CVE-2016-9913", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916"], "modified": 
"2020-08-18T14:40:38", "id": "RH:CVE-2016-9913", "href": "https://access.redhat.com/security/cve/cve-2016-9913", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:52:24", "description": "Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-12-08T07:48:02", "type": "redhatcve", "title": "CVE-2016-9916", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916"], "modified": "2020-08-18T14:41:08", "id": "RH:CVE-2016-9916", "href": "https://access.redhat.com/security/cve/cve-2016-9916", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 
2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-12-19T23:25:44", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: xen-4.7.1-5.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9815", "CVE-2016-9816", "CVE-2016-9817", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922", "CVE-2016-9932"], "modified": "2016-12-19T23:25:44", "id": "FEDORA:B9F69605DCC4", "href": "", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-12-19T01:27:21", "type": "fedora", "title": "[SECURITY] Fedora 23 
Update: xen-4.5.5-5.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9637", "CVE-2016-9815", "CVE-2016-9816", "CVE-2016-9817", "CVE-2016-9818", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922"], "modified": "2016-12-19T01:27:21", "id": "FEDORA:3D25F60BA90D", "href": "", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-12-23T13:51:19", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: xen-4.6.4-4.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9637", "CVE-2016-9815", "CVE-2016-9816", "CVE-2016-9817", "CVE-2016-9818", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922", "CVE-2016-9932"], "modified": "2016-12-23T13:51:19", "id": "FEDORA:B93A9606730B", "href": "", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. 
", "edition": 2, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2017-01-25T20:23:25", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: qemu-2.6.2-6.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10028", "CVE-2016-6836", "CVE-2016-7909", "CVE-2016-7994", "CVE-2016-8577", "CVE-2016-8578", "CVE-2016-8668", "CVE-2016-8669", "CVE-2016-8909", "CVE-2016-8910", "CVE-2016-9101", "CVE-2016-9102", "CVE-2016-9103", "CVE-2016-9104", "CVE-2016-9105", "CVE-2016-9106", "CVE-2016-9381", "CVE-2016-9776", "CVE-2016-9845", "CVE-2016-9846", "CVE-2016-9907", "CVE-2016-9908", "CVE-2016-9911", "CVE-2016-9912", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922"], "modified": "2017-01-25T20:23:25", "id": "FEDORA:96EDD607628D", "href": "", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. 
In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used to launch different Operating Systems without rebooting the PC or to debug system code. * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. As QEMU requires no host kernel patches to run, it is safe and easy to use. ", "edition": 2, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2017-01-20T18:11:06", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: qemu-2.7.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10028", "CVE-2016-6836", "CVE-2016-7909", "CVE-2016-7994", "CVE-2016-8577", "CVE-2016-8578", "CVE-2016-8668", "CVE-2016-8669", "CVE-2016-8909", "CVE-2016-9101", "CVE-2016-9102", "CVE-2016-9103", "CVE-2016-9104", "CVE-2016-9105", "CVE-2016-9106", "CVE-2016-9381", "CVE-2016-9776", "CVE-2016-9845", "CVE-2016-9846", "CVE-2016-9907", "CVE-2016-9908", "CVE-2016-9911", "CVE-2016-9912", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9921", "CVE-2016-9922"], "modified": "2017-01-20T18:11:06", "id": 
"FEDORA:96CED60CA522", "href": "", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-19T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2016-cc2916dcf4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-9916", "CVE-2016-9815", "CVE-2016-9914", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872166", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872166", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2016-cc2916dcf4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872166\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-19 06:13:39 +0100 (Mon, 19 Dec 2016)\");\n script_cve_id(\"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\", \"CVE-2016-9818\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2016-9637\", \"CVE-2016-9913\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2016-cc2916dcf4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-cc2916dcf4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBJRH37EFT37GXFTPXFFF6VA2QUNBKPB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.5.5~5.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2016-1b868c23a9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9818", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-9932", "CVE-2016-9916", "CVE-2016-9815", "CVE-2016-9914", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872169", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2016-1b868c23a9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872169\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-20 06:00:50 +0100 (Tue, 20 Dec 2016)\");\n script_cve_id(\"CVE-2016-9932\", \"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\",\n \"CVE-2016-9818\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2016-9913\",\n \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2016-1b868c23a9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1b868c23a9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7OVS6LN5Y35RH3ERTM3HS25TCWC4HQH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.1~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-26T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2016-bcbae0781f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9637", "CVE-2016-9818", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-9932", "CVE-2016-9916", "CVE-2016-9815", "CVE-2016-9914", "CVE-2016-9816", "CVE-2016-9921", "CVE-2016-9913", "CVE-2016-9817"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2016-bcbae0781f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872184\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-26 06:03:41 +0100 (Mon, 26 Dec 2016)\");\n script_cve_id(\"CVE-2016-9932\", \"CVE-2016-9815\", \"CVE-2016-9816\", \"CVE-2016-9817\",\n \"CVE-2016-9818\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2016-9637\",\n \"CVE-2016-9913\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2016-bcbae0781f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-bcbae0781f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTUTHSETSKEL5RS2HA3FWRYANKYMNOXJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.6.4~4.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-b953d4d3a4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8577", "CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-8668", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-8578", "CVE-2016-9912", "CVE-2016-8669", "CVE-2016-9103", "CVE-2016-9914", "CVE-2016-10028", "CVE-2016-9908", "CVE-2016-9381", "CVE-2016-7994", "CVE-2016-8909", "CVE-2016-9921", "CVE-2016-9104", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9106", "CVE-2016-9102", "CVE-2016-7909", "CVE-2016-9105", "CVE-2016-6836"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872282", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-b953d4d3a4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872282\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-21 05:44:03 +0100 (Sat, 21 Jan 2017)\");\n script_cve_id(\"CVE-2016-6836\", \"CVE-2016-7909\", \"CVE-2016-7994\", \"CVE-2016-8577\",\n\t\t\"CVE-2016-8578\", \"CVE-2016-8668\", \"CVE-2016-8669\", \"CVE-2016-8909\",\n\t\t\"CVE-2016-9101\", \"CVE-2016-9103\", \"CVE-2016-9102\", \"CVE-2016-9104\",\n\t\t\"CVE-2016-9105\", \"CVE-2016-9106\", \"CVE-2016-9381\", \"CVE-2016-9921\",\n\t\t\"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9846\", \"CVE-2016-9907\",\n\t\t\"CVE-2016-9911\", \"CVE-2016-9913\", \"CVE-2016-10028\", \"CVE-2016-9908\",\n\t\t\"CVE-2016-9912\", \"CVE-2016-9922\", \"CVE-2016-9914\", \"CVE-2016-9915\",\n\t\t\"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-b953d4d3a4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"affected\", value:\"qemu on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-b953d4d3a4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P2MMLAOGAYXF3BJW7266UZLPLFAXJRS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.7.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the 'qemu' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2017-01-26T00:00:00", "type": "openvas", "title": "Fedora Update for qemu FEDORA-2017-12394e2cc7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8577", "CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-9922", "CVE-2016-8668", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-8578", "CVE-2016-9912", "CVE-2016-8669", "CVE-2016-9103", "CVE-2016-9914", "CVE-2016-10028", "CVE-2016-8910", "CVE-2016-9908", "CVE-2016-9381", "CVE-2016-7994", "CVE-2016-8909", "CVE-2016-9921", "CVE-2016-9104", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2016-9106", "CVE-2016-9102", "CVE-2016-7909", "CVE-2016-9105", "CVE-2016-6836"], "modified": 
"2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872304", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2017-12394e2cc7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872304\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-26 05:46:11 +0100 (Thu, 26 Jan 2017)\");\n script_cve_id(\"CVE-2016-6836\", \"CVE-2016-7909\", \"CVE-2016-7994\", \"CVE-2016-8577\",\n\t\t\"CVE-2016-8578\", \"CVE-2016-8668\", \"CVE-2016-8669\", \"CVE-2016-8910\",\n\t\t\"CVE-2016-8909\", \"CVE-2016-9101\", \"CVE-2016-9103\", \"CVE-2016-9102\",\n\t\t\"CVE-2016-9104\", \"CVE-2016-9105\", \"CVE-2016-9106\", \"CVE-2016-9381\",\n\t\t\"CVE-2016-9921\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9846\",\n\t\t\"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9913\", 
\"CVE-2016-10028\",\n\t\t\"CVE-2016-9908\", \"CVE-2016-9912\", \"CVE-2016-9922\", \"CVE-2016-9914\",\n\t\t\"CVE-2016-9915\", \"CVE-2016-9916\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2017-12394e2cc7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qemu on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-12394e2cc7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZR6TVHCSVY76P44HEPPSZLBWWKTNM4V7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~6.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "openvas", 
"title": "Ubuntu Update for qemu USN-3261-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5552", "CVE-2016-9776", "CVE-2016-9915", "CVE-2016-10155", "CVE-2016-9922", "CVE-2016-10029", "CVE-2017-2615", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2016-9846", "CVE-2016-9912", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2016-7907", "CVE-2016-10028", "CVE-2017-5987", "CVE-2016-8667", "CVE-2017-5898", "CVE-2016-9908", "CVE-2017-2633", "CVE-2016-9381", "CVE-2016-9921", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5578", "CVE-2017-5667", "CVE-2016-9907", "CVE-2016-9913", "CVE-2016-9845", "CVE-2016-9911", "CVE-2017-5857", "CVE-2016-9603"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843132", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qemu USN-3261-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843132\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-21 06:43:11 +0200 (Fri, 21 Apr 2017)\");\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-7907\",\n \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9381\", \"CVE-2016-9602\",\n \"CVE-2016-9603\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9908\",\n \"CVE-2016-9846\", \"CVE-2016-9912\", \"CVE-2017-5552\", \"CVE-2017-5578\",\n \"CVE-2017-5857\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9913\",\n \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\",\n \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-2633\",\n \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5579\", \"CVE-2017-5667\",\n \"CVE-2017-5856\", \"CVE-2017-5898\", \"CVE-2017-5973\", \"CVE-2017-5987\",\n \"CVE-2017-6505\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3261-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Zhenhao Hong discovered that QEMU\nincorrectly handled the Virtio GPU 
device. An attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used\nwith Xen. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue to\naccess files on the host file system outside of the shared directory and\npossibly escalate their privileges. In the default installation, when QEMU\nis used with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA\ndevice when being used with a VNC connection. 
A privileged attacker inside\nthe guest could use this issue to cause QEMU to crash, resulting in a\ndenial of service, or possibly execute arbitrary code on the host. In the\ndefault installation, when QEMU is used with libvirt, attackers would be\nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An\nattacker inside the guest could use this iss ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3261-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/USN-3261-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.33\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", 
ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.6.1+dfsg-0ubuntu5.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:06:50", "description": "Infinite loop issues in the USB xHCI, in the transfer mode register\nof the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via\n9pfs support.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow\nlocal guest OS users to execute arbitrary code or cause a denial of\nservice\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the\nkeyboard input event handlers\n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may\nresult in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE AHCI and USB emulated\ndevices that could result in denial of service\n\nCVE-2017-9503\n\nNull pointer dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could\nresult in the execution of arbitrary code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that\ncould result in denial of 
service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that\ncould be exploited during instance migration\n\nCVE-2017-18043\n\nInteger overflow in the macro ROUND_UP (n, d) that could result in\ndenial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could result in\nexecution of arbitrary code", "cvss3": {}, "published": "2018-09-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu (DLA-1497-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16845", "CVE-2018-5683", "CVE-2017-9503", "CVE-2016-9776", "CVE-2017-8112", "CVE-2017-7493", "CVE-2016-9915", "CVE-2017-7718", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-9374", "CVE-2017-8379", "CVE-2017-7980", "CVE-2017-15038", "CVE-2017-2615", "CVE-2015-8666", "CVE-2017-8086", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2017-14167", "CVE-2017-9330", "CVE-2016-6835", "CVE-2017-7377", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-15289", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2017-8309", "CVE-2017-5715", "CVE-2017-5987", "CVE-2017-18030", "CVE-2016-8667", "CVE-2017-10911", "CVE-2016-2198", "CVE-2017-10806", "CVE-2016-9921", "CVE-2016-8576", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-6833", "CVE-2016-9907", "CVE-2016-9911", "CVE-2018-7550", "CVE-2017-11434", "CVE-2017-9373", "CVE-2017-18043", "CVE-2016-9603"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891497", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891497", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free 
Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891497\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-8666\", \"CVE-2016-10155\", \"CVE-2016-2198\", \"CVE-2016-6833\", \"CVE-2016-6835\",\n \"CVE-2016-8576\", \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9602\", \"CVE-2016-9603\",\n \"CVE-2016-9776\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9914\", \"CVE-2016-9915\",\n \"CVE-2016-9916\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-10806\", \"CVE-2017-10911\",\n \"CVE-2017-11434\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15289\", \"CVE-2017-16845\",\n \"CVE-2017-18030\", \"CVE-2017-18043\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\",\n \"CVE-2017-5526\", \"CVE-2017-5579\", \"CVE-2017-5667\", \"CVE-2017-5715\", \"CVE-2017-5856\",\n \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-7377\", \"CVE-2017-7493\",\n \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\",\n \"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9503\",\n \"CVE-2018-5683\", \"CVE-2018-7550\");\n script_name(\"Debian LTS: Security Advisory for qemu (DLA-1497-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-07 00:00:00 +0200 (Fri, 07 Sep 2018)\");\n 
script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\");\n\n script_tag(name:\"summary\", value:\"Infinite loop issues in the USB xHCI, in the transfer mode register\nof the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via\n9pfs support.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow\nlocal guest OS users to execute arbitrary code or cause a denial of\nservice\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the\nkeyboard input event handlers\n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may\nresult in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE AHCI and USB emulated\ndevices that could result in denial of service\n\nCVE-2017-9503\n\nNull pointer 
dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could\nresult in the execution of arbitrary code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that\ncould result in denial of service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that\ncould be exploited during instance migration\n\nCVE-2017-18043\n\nInteger overflow in the macro ROUND_UP (n, d) that could result in\ndenial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could may result in\nexecution of arbitrary code\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.1+dfsg-12+deb8u7\", 
rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:05:51", "description": "### Background\n\nQEMU is a generic and open source machine emulator and virtualizer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA privileged user/process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QEMU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/qemu-2.8.0\"", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2017-01-23T00:00:00", "type": "gentoo", "title": "QEMU: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10028", "CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9845", "CVE-2016-9846", "CVE-2016-9907", "CVE-2016-9908", "CVE-2016-9911", "CVE-2016-9912", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9923"], "modified": "2017-01-23T00:00:00", "id": "GLSA-201701-49", "href": "https://security.gentoo.org/glsa/201701-49", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:38:16", "description": "The remote host is affected by the vulnerability described in GLSA-201701-49 (QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A privileged user/process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "GLSA-201701-49 : QEMU: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10028", "CVE-2016-9101", "CVE-2016-9776", "CVE-2016-9845", "CVE-2016-9846", "CVE-2016-9907", "CVE-2016-9908", "CVE-2016-9911", "CVE-2016-9912", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9923"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:qemu", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-49.NASL", "href": "https://www.tenable.com/plugins/nessus/96684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-49.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96684);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-9101\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9846\", \"CVE-2016-9907\", \"CVE-2016-9908\", \"CVE-2016-9911\", \"CVE-2016-9912\", \"CVE-2016-9913\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\", \"CVE-2016-9923\");\n script_xref(name:\"GLSA\", value:\"201701-49\");\n\n script_name(english:\"GLSA-201701-49 : QEMU: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-49\n(QEMU: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QEMU. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A privileged user/process within a guest QEMU environment can cause a\n Denial of Service condition against the QEMU guest process or the host.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-49\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All QEMU users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/qemu-2.8.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/qemu\", unaffected:make_list(\"ge 2.8.0\"), 
vulnerable:make_list(\"lt 2.8.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"QEMU\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:37:28", "description": "Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used with Xen. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. 
A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, CVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector.\nAn attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation.\nAn attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
(CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device.\nA privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART device. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service.\n(CVE-2017-6505).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : qemu vulnerabilities (USN-3261-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10028", "CVE-2016-10029", "CVE-2016-10155", "CVE-2016-7907", "CVE-2016-8667", "CVE-2016-8669", "CVE-2016-9381", "CVE-2016-9602", "CVE-2016-9603", "CVE-2016-9776", "CVE-2016-9845", "CVE-2016-9846", "CVE-2016-9907", "CVE-2016-9908", "CVE-2016-9911", "CVE-2016-9912", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9922", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-2633", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5552", "CVE-2017-5578", "CVE-2017-5579", "CVE-2017-5667", "CVE-2017-5856", "CVE-2017-5857", "CVE-2017-5898", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:qemu-system", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3261-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3261-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99581);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2016-10028\", \"CVE-2016-10029\", \"CVE-2016-10155\", \"CVE-2016-7907\", \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9381\", \"CVE-2016-9602\", \"CVE-2016-9603\", \"CVE-2016-9776\", \"CVE-2016-9845\", \"CVE-2016-9846\", \"CVE-2016-9907\", \"CVE-2016-9908\", \"CVE-2016-9911\", \"CVE-2016-9912\", \"CVE-2016-9913\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-2633\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5552\", \"CVE-2017-5578\", \"CVE-2017-5579\", \"CVE-2017-5667\", \"CVE-2017-5856\", \"CVE-2017-5857\", \"CVE-2017-5898\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\");\n script_xref(name:\"USN\", value:\"3261-1\");\n script_xref(name:\"IAVB\", value:\"2017-B-0024-S\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : qemu vulnerabilities (USN-3261-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU\ndevice. An attacker inside the guest could use this issue to cause\nQEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028,\nCVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb\nwatchdog. 
A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast\nEthernet Controller. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when\nused with Xen. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service, or\npossibly execute arbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue\nto access files on the host file system outside of the shared\ndirectory and possibly escalate their privileges. In the default\ninstallation, when QEMU is used with libvirt, attackers would be\nisolated by the libvirt AppArmor profile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA\ndevice when being used with a VNC connection. A privileged attacker\ninside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service, or possibly execute arbitrary code\non the host. 
In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast\nEthernet Controller. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU\ndevice. An attacker inside the guest could use this issue to cause\nQEMU to leak contents of host memory. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 16.10. (CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU\ndevice. An attacker inside the guest could use this issue to cause\nQEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9846,\nCVE-2016-9912, CVE-2017-5552, CVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector.\nAn attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation.\nAn attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly\nhandled the Cirrus VGA device. A privileged attacker inside the guest\ncould use this issue to cause QEMU to crash, resulting in a denial of\nservice. 
(CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the\nCirrus VGA device. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service,\nor possibly execute arbitrary code on the host. In the default\ninstallation, when QEMU is used with libvirt, attackers would be\nisolated by the libvirt AppArmor profile. (CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device.\nA privileged attacker inside the guest could use this issue to cause\nQEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. In the default installation, when QEMU is\nused with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device\nemulation. A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service, or possibly\nexecute arbitrary code on the host. 
In the default installation, when\nQEMU is used with libvirt, attackers would be isolated by the libvirt\nAppArmor profile. (CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller\nemulation. A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI\ndevice emulation. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller\nemulation. A privileged attacker inside the guest could use this issue\nto cause QEMU to hang, resulting in a denial of service.\n(CVE-2017-6505).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3261-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2021 Canonical, Inc. / NASL script (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-arm\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-mips\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-misc\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-ppc\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-sparc\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-x86\", pkgver:\"2.0.0+dfsg-2ubuntu1.33\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-sparc\", 
pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.5+dfsg-5ubuntu10.11\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-sparc\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.6.1+dfsg-0ubuntu5.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-system / qemu-system-aarch64 / qemu-system-arm / etc\");\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-11T15:22:17", "description": "Several vulnerabilities were found in qemu, a fast processor emulator :\n\nCVE-2015-8666\n\nHeap-based buffer overflow in QEMU when built with the Q35-chipset-based PC system emulator\n\nCVE-2016-2198\n\nNULL pointer dereference in ehci_caps_write in the USB EHCI support that may result in denial of service\n\nCVE-2016-6833\n\nUse after free while writing in the vmxnet3 device that could be used to 
cause a denial of service\n\nCVE-2016-6835\n\nBuffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device that could result in denial of service\n\nCVE-2016-8576\n\nInfinite loop vulnerability in xhci_ring_fetch in the USB xHCI support\n\nCVE-2016-8667 / CVE-2016-8669\n\nDivide by zero errors in set_next_tick in the JAZZ RC4030 chipset emulator, and in serial_update_parameters of some serial devices, that could result in denial of service\n\nCVE-2016-9602\n\nImproper link following with VirtFS\n\nCVE-2016-9603\n\nHeap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA emulator support\n\nCVE-2016-9776\n\nInfinite loop while receiving data in the ColdFire Fast Ethernet Controller emulator\n\nCVE-2016-9907\n\nMemory leakage in the USB redirector usb-guest support \n\nCVE-2016-9911\n\nMemory leakage in ehci_init_transfer in the USB EHCI support\n\nCVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916\n\nPlan 9 File System (9pfs): add missing cleanup operation in FileOperations, in the handle backend and in the proxy backend driver\n\nCVE-2016-9921 / CVE-2016-9922\n\nDivide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator support \n\nCVE-2016-10155\n\nMemory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS privileged users to cause a denial of service via a large number of device unplug operations.\n\nCVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 / CVE-2017-7718\n\nOut-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator support, that could result in denial of service\n\nCVE-2017-5525 / CVE-2017-5526\n\nMemory leakage issues in the ac97 and es1370 device emulation\n\nCVE-2017-5579\n\nHost memory leakage in the 16550A UART emulation\n\nCVE-2017-5667\n\nOut-of-bounds access during multi block SDMA transfer in the SDHCI emulation support.\n\nCVE-2017-5715\n\nMitigations against the Spectre v2 vulnerability. 
For more information please refer to https://www.qemu.org/2018/01/04/spectre/\n\nCVE-2017-5856\n\nMemory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support\n\nCVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505\n\nInfinite loop issues in the USB xHCI, in the transfer mode register of the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via 9pfs support.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow local guest OS users to execute arbitrary code or cause a denial of service\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the keyboard input event handlers \n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may result in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE AHCI and USB emulated devices that could result in denial of service\n\nCVE-2017-9503\n\nNULL pointer dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could result in the execution of arbitrary code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that could result in denial of service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that could be exploited during instance migration \n\nCVE-2017-18043\n\nInteger overflow in the 
macro ROUND_UP (n, d) that could result in denial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could result in execution of arbitrary code\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H"}, "published": "2018-09-07T00:00:00", "type": "nessus", "title": "Debian DLA-1497-1 : qemu security update (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8666", "CVE-2016-10155", "CVE-2016-2198", "CVE-2016-6833", "CVE-2016-6835", "CVE-2016-8576", "CVE-2016-8667", "CVE-2016-8669", "CVE-2016-9602", "CVE-2016-9603", "CVE-2016-9776", "CVE-2016-9907", "CVE-2016-9911", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9922", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11434", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15289", "CVE-2017-16845", "CVE-2017-18030", "CVE-2017-18043", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5579", "CVE-2017-5667", "CVE-2017-5715", "CVE-2017-5856", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505", "CVE-2017-7377", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9503", "CVE-2018-5683", "CVE-2018-7550"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "p-cpe:/a:debian:debian_linux:qemu-guest-agent", "p-cpe:/a:debian:debian_linux:qemu-kvm", "p-cpe:/a:debian:debian_linux:qemu-system", "p-cpe:/a:debian:debian_linux:qemu-system-arm", 
"p-cpe:/a:debian:debian_linux:qemu-system-common", "p-cpe:/a:debian:debian_linux:qemu-system-mips", "p-cpe:/a:debian:debian_linux:qemu-system-misc", "p-cpe:/a:debian:debian_linux:qemu-system-ppc", "p-cpe:/a:debian:debian_linux:qemu-system-sparc", "p-cpe:/a:debian:debian_linux:qemu-system-x86", "p-cpe:/a:debian:debian_linux:qemu-user", "p-cpe:/a:debian:debian_linux:qemu-user-binfmt", "p-cpe:/a:debian:debian_linux:qemu-user-static", "p-cpe:/a:debian:debian_linux:qemu-utils", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1497.NASL", "href": "https://www.tenable.com/plugins/nessus/117351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1497-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117351);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8666\", \"CVE-2016-10155\", \"CVE-2016-2198\", \"CVE-2016-6833\", \"CVE-2016-6835\", \"CVE-2016-8576\", \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9602\", \"CVE-2016-9603\", \"CVE-2016-9776\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11434\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15289\", \"CVE-2017-16845\", \"CVE-2017-18030\", \"CVE-2017-18043\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5579\", \"CVE-2017-5667\", \"CVE-2017-5715\", \"CVE-2017-5856\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-7377\", \"CVE-2017-7493\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\", 
\"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9503\", \"CVE-2018-5683\", \"CVE-2018-7550\");\n\n script_name(english:\"Debian DLA-1497-1 : qemu security update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were found in qemu, a fast processor \nemulator :\n\nCVE-2015-8666\n\nHeap-based buffer overflow in QEMU when built with the\nQ35-chipset-based PC system emulator\n\nCVE-2016-2198\n\nNULL pointer dereference in ehci_caps_write in the USB EHCI support\nthat may result in denial of service\n\nCVE-2016-6833\n\nUse after free while writing in the vmxnet3 device that could be used\nto cause a denial of service\n\nCVE-2016-6835\n\nBuffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device\nthat could result in denial of service\n\nCVE-2016-8576\n\nInfinite loop vulnerability in xhci_ring_fetch in the USB xHCI support\n\nCVE-2016-8667 / CVE-2016-8669\n\nDivide by zero errors in set_next_tick in the JAZZ RC4030 chipset\nemulator, and in serial_update_parameters of some serial devices, that\ncould result in denial of service\n\nCVE-2016-9602\n\nImproper link following with VirtFS\n\nCVE-2016-9603\n\nHeap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA\nemulator support\n\nCVE-2016-9776\n\nInfinite loop while receiving data in the ColdFire Fast Ethernet\nController emulator\n\nCVE-2016-9907\n\nMemory leakage in the USB redirector usb-guest support \n\nCVE-2016-9911\n\nMemory leakage in ehci_init_transfer in the USB EHCI support\n\nCVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916\n\nPlan 9 File System (9pfs): add missing cleanup operation in\nFileOperations, in the handle backend and in the proxy backend driver\n\nCVE-2016-9921 / CVE-2016-9922\n\nDivide by zero in 
cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator\nsupport \n\nCVE-2016-10155\n\nMemory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS\nprivileged users to cause a denial of service via a large number of\ndevice unplug operations.\n\nCVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 /\nCVE-2017-7718\n\nOut-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator\nsupport, that could result in denial of service\n\nCVE-2017-5525 / CVE-2017-5526\n\nMemory leakage issues in the ac97 and es1370 device emulation\n\nCVE-2017-5579\n\nMost memory leakage in the 16550A UART emulation\n\nCVE-2017-5667\n\nOut-of-bounds access during multi block SDMA transfer in the SDHCI\nemulation support.\n\nCVE-2017-5715\n\nMitigations against the Spectre v2 vulnerability. For more information\nplease refer to https://www.qemu.org/2018/01/04/spectre/\n\nCVE-2017-5856\n\nMemory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation\nsupport\n\nCVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505\n\nInfinite loop issues in the USB xHCI, in the transfer mode register of\nthe SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via 9pfs\nsupport.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow\nlocal guest OS users to execute arbitrary code or cause a denial of\nservice\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the\nkeyboard input event handlers \n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may\nresult in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE AHCI and USB emulated\ndevices that could result in denial of 
service\n\nCVE-2017-9503\n\nNULL pointer dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could\nresult in the execution of arbitrary code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that\ncould result in denial of service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that\ncould be exploited during instance migration \n\nCVE-2017-18043\n\nInteger overflow in the macro ROUND_UP (n, d) that could result in\ndenial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could may result in\nexecution of arbitrary code\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.qemu.org/2018/01/04/spectre/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-binfmt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"qemu\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-guest-agent\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-kvm\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-arm\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-common\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-mips\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-misc\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-ppc\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-sparc\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-x86\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-binfmt\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-static\", 
reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-utils\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:14:17", "description": "Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU \ndevice. An attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. This issue only \naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used \nwith Xen. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. 
(CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory \nsharing. A privileged attacker inside the guest could use this issue to \naccess files on the host file system outside of the shared directory and \npossibly escalate their privileges. In the default installation, when QEMU \nis used with libvirt, attackers would be isolated by the libvirt AppArmor \nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA \ndevice when being used with a VNC connection. A privileged attacker inside \nthe guest could use this issue to cause QEMU to crash, resulting in a \ndenial of service, or possibly execute arbitrary code on the host. In the \ndefault installation, when QEMU is used with libvirt, attackers would be \nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet \nController. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to leak \ncontents of host memory. This issue only affected Ubuntu 16.04 LTS and \nUbuntu 16.10. (CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, \nCVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS \nand Ubuntu 16.10. 
(CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, \nCVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly \nhandled the Cirrus VGA device. A privileged attacker inside the guest could \nuse this issue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus \nVGA device. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service, or possibly execute \narbitrary code on the host. In the default installation, when QEMU is used \nwith libvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service, or possibly execute arbitrary code \non the host. In the default installation, when QEMU is used with libvirt, \nattackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An \nattacker inside the guest could use this issue to cause QEMU to crash, \nresulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. 
(CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio device. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode on the host. In the default installation, when QEMU is used with \nlibvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller \nemulation. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI \ndevice emulation. A privileged attacker inside the guest could use this \nissue to cause QEMU to crash, resulting in a denial of service. \n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller \nemulation. A privileged attacker inside the guest could use this issue to \ncause QEMU to hang, resulting in a denial of service. 
(CVE-2017-6505)\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-04-20T00:00:00", "type": "ubuntu", "title": "QEMU vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9846", "CVE-2016-9908", "CVE-2016-10029", "CVE-2016-9911", "CVE-2017-5857", "CVE-2016-9603", "CVE-2016-9845", "CVE-2016-9913", "CVE-2016-9912", "CVE-2016-7907", "CVE-2017-5525", "CVE-2017-5973", "CVE-2017-5552", "CVE-2016-9602", "CVE-2016-9907", "CVE-2017-5578", "CVE-2016-9914", "CVE-2016-10155", "CVE-2017-5987", "CVE-2016-9381", "CVE-2016-9916", "CVE-2017-2633", "CVE-2017-2620", "CVE-2016-9922", "CVE-2016-9915", "CVE-2017-5579", "CVE-2016-9921", "CVE-2017-5526", "CVE-2016-8667", "CVE-2017-5856", "CVE-2016-8669", "CVE-2017-2615", "CVE-2017-5898", "CVE-2016-10028", "CVE-2017-6505", "CVE-2017-5667", "CVE-2016-9776"], "modified": "2017-04-20T00:00:00", "id": "USN-3261-1", "href": "https://ubuntu.com/security/notices/USN-3261-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2021-12-30T21:40:23", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in 
Qemu. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6835_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6835>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a buffer-over-read issue in vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c. By leveraging failure to check IP header length, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2016-6834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6834>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an error in net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c. By using a zero length for the current fragment length, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6833_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6833>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a use-after-free issue in vmxnet3_io_bar0_write function in hw/net/vmxnet3.c. By leveraging failure to check if the device is active, a local authenticated attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6490_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6490>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an error in virtqueue_map_desc function in hw/virtio/virtio.c. By using a zero length for the descriptor buffer, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120021_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120021>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9106_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9106>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by memory leak issue in v9fs_write function in hw/9pfs/9p.c. By leveraging failure to free an IO vector, a local authenticated attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120032_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120032>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9105_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9105>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak issue in v9fs_link function in hw/9pfs/9p.c. 
By using vectors involving a reference to the source fid object, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9104_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9104>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by multiple integer overflows in the v9fs_xattr_read and v9fs_xattr_write functions in hw/9pfs/9p.c. By sending a specially-crafted offset, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119923_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119923>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9103_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9103>)** \nDESCRIPTION:** QEMU could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in v9fs_xattrcreate function in hw/9pfs/9p.c. By reading xattribute values before writing to them, an attacker could exploit this vulnerability to obtain sensitive host heap memory information. 
\nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119921_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119921>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-9102_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9102>)** \nDESCRIPTION:** Qemu is vulnerable to a denial of service, caused by a memory leak issue in v9fs_xattrcreate function in hw/9pfs/9p.c. By sending a large number of Txattrcreate messages with the same fid number, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119920_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119920>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9101_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9101>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak in hw/net/eepro100.c. By repeatedly unplugging an i8255x (PRO100) NIC device, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119916_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119916>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8578_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8578>)** \nDESCRIPTION:** QEMU, (aka Quick Emulator), is vulnerable to a denial of service, caused by a NULL pointer dereference in the v9fs_iov_vunmarshal function. 
By sending an empty string parameter to a 9P operation, a local attacker with admin privileges could exploit this vulnerability to cause the QEMU process to crash. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8577_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8577>)** \nDESCRIPTION:** QEMU, (aka Quick Emulator), is vulnerable to a denial of service, caused by multiple memory leaks in the v9fs_read function. By using vectors related to an I/O read operation, a local attacker with admin privileges could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119187_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119187>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8576_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8576>)** \nDESCRIPTION:** QEMU, (aka Quick Emulator), is vulnerable to a denial of service, caused by an error in the xhci_ring_fetch function. By failing to limit the number of link Transfer Request Blocks (TRB) to process, a local attacker with admin privileges could exploit this vulnerability to cause the application to enter into an infinite loop and the QEMU process to crash. 
\nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119186_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119186>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2841_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2841>)** \nDESCRIPTION:** Qemu, emulator built with the NE2000 NIC emulation support, is vulnerable to a denial of service, caused by an error when receiving packets over the network. An authenticated attacker could exploit this vulnerability to cause the Qemu to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111283_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111283>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2538_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2538>)** \nDESCRIPTION:** Qemu, emulator built with the USB Net device emulation support, is vulnerable to a denial of service, caused by an integer overflow when processing remote NDIS control message packets. An attacker could exploit this vulnerability to cause the Qemu process to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110926_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110926>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2392_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2392>)** \nDESCRIPTION:** Qemu, built with the USB Net device emulation support, is vulnerable to a denial of service, caused by a NULL pointer dereference when handling the remote NDIS control message. 
By sending NDIS control message packets, a remote authenticated attacker could exploit this vulnerability to cause the Qemu process to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110684_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110684>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2391_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2391>)** \nDESCRIPTION:** Qemu, built with the USB OHCI emulation support, is vulnerable to a denial of service, caused by a NULL pointer dereference when OHCI transitions to a OHCI_USB_OPERATIONAL state. A remote authenticated attacker could exploit this vulnerability to create multiple eof timers and cause the Qemu process to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110685_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110685>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [_CVE-2016-9916_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9916>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak in hw/9pfs/9p-proxy.c. By leveraging a missing cleanup operation in the proxy backend, a local authenticated attacker could exploit this vulnerability to cause a host memory consumption and application crash. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120182_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120182>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2016-9915_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9915>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak in hw/9pfs/9p-handle.c. By leveraging a missing cleanup operation in the handle backend, a local authenticated attacker could exploit this vulnerability to cause a host memory consumption and application crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120183_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120183>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9914_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9914>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak in hw/9pfs/9p.c. By leveraging a missing cleanup operation in FileOperations, a local authenticated attacker could exploit this vulnerability to cause a host memory consumption and application crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120184_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120184>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9913_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9913>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak in v9fs_device_unrealize_common function in hw/9pfs/9p.c. 
By using vectors involving the order of resource cleanup, a local authenticated attacker could exploit this vulnerability to cause a host memory consumption and application crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120185_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120185>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9776_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9776>)** \nDESCRIPTION:** QEMU, built with the ColdFire Fast Ethernet Controller emulator support, is vulnerable to a denial of service. By receiving packets in 'mcf_fec_receive', a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2198_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2198>)** \nDESCRIPTION:** Qemu, built with the USB EHCI emulation support, is vulnerable to a denial of service, caused by a NULL pointer dereference when attempting to write to EHCI capabilities registers. A remote authenticated attacker could exploit this vulnerability to cause the Qemu process to crash. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110655_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110655>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2197_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2197>)** \nDESCRIPTION:** Qemu, built with the IDE AHCI emulation support, is vulnerable to a denial of service, caused by a NULL pointer dereference when unmapping the Frame Information Structure(FIS) & Command List Block(CLB) entries. A remote authenticated attacker could exploit this vulnerability to cause the Qemu process to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110650_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110650>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1981_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1981>)** \nDESCRIPTION:** Qemu, built with the e1000 NIC emulation support, is vulnerable to a denial of service, caused by an error when processing data. A remote authenticated attacker could exploit this vulnerability using transmit or receive descriptors to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110649_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110649>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8818_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8818>)** \nDESCRIPTION:** Qemu, built to use address_space_translate to map an address to a MemoryRegionSection, is vulnerable to a denial of service, when doing pci_dma_read/write calls. A remote authenticated attacker from within the local network could exploit this vulnerability to cause the guest instance to crash. \nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-8817_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8817>)** \nDESCRIPTION:** Qemu, built to use address_space_translate to map an address to a MemoryRegionSection, is vulnerable to a denial of service, when doing pci_dma_read/write calls. A remote authenticated attacker from within the local network could exploit this vulnerability to cause the guest instance to crash. 
\nCVSS Base Score: 4.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111187_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111187>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-8745_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745>)** \nDESCRIPTION:** Qemu, built with a VMWARE VMXNET3 paravirtual NIC emulator support, is vulnerable to a denial of service, caused by an error while reading Interrupt Mask Registers(IMR). A remote authenticated attacker could exploit this vulnerability to cause the process instance to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109364_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109364>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8744_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744>)** \nDESCRIPTION:** Qemu, built with a VMWARE VMXNET3 paravirtual NIC emulator support, is vulnerable to a denial of service, caused by the improper handling of packets. By sending Layer-2 packets smaller than 22 bytes, a remote authenticated attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109365_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109365>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8743_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8743>)** \nDESCRIPTION:** Qemu, built with the NE2000 device emulation support, could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds read or write error while performing ioport r/w operations. An authenticated attacker could exploit this vulnerability to leak or corrupt Qemu memory bytes. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109366_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109366>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-9923_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9923>)** \nDESCRIPTION:** QEMU, built with the 'chardev' backend support, is vulnerable to a denial of service, caused by use after free issue. By hotplugging and unplugging the device, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120147_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120147>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9921_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9921>)** \nDESCRIPTION:** QEMU, built with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to a denial of service, caused by a divide by zero issue. 
By changing cirrus graphics mode to VGA, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120146_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120146>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9911_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9911>)** \nDESCRIPTION:** QEMU, built with the USB EHCI Emulation support, is vulnerable to a denial of service, caused by memory leak. By sending a specially-crafted packet data to 'ehci_init_transfer', a local authenticated attacker could exploit this vulnerability to leak host memory. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120144_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120144>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9907_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9907>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by memory leak issue in the USB redirector usb-guest support. By destroying the USB redirector in 'usbredir_handle_destroy', a local authenticated attacker could exploit this vulnerability to leak host memory. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120142_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120142>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7995_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7995>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak issue in ehci_process_itd function in hw/usb/hcd-ehci.c. By using a large number of crafted buffer page select (PG) indexes, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120007_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120007>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7466_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7466>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a memory leak issue in usb_xhci_exit function in hw/usb/hcd-xhci.c. By repeatedly unplugging a USB device, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120005_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120005>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7422_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7422>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by a NULL pointer dereference issue in virtqueue_map_desc function in hw/virtio/virtio.c. 
By using a large I/O descriptor buffer length value, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120004_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120004>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7421_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7421>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an error in pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c. By leveraging failure to limit process IO loop to the ring size, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120003_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120003>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7170_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7170>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an out-of-bounds write issue in vmsvga_fifo_run function in hw/display/vmware_vga.c. A local authenticated attacker could exploit this vulnerability using vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command to cause the application to crash. 
\nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120002_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120002>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7156_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7156>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an error in pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c. By leveraging an incorrect cast, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120000_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120000>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7155_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7155>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an out-of-bounds access issue in hw/scsi/vmw_pvscsi.c. By using a specially-crafted page count for descriptor rings, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119999_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119999>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7116_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7116>)** \nDESCRIPTION:** QEMU could allow a remote attacker to traverse directories on the system, caused by an error in hw/9pfs/9p.c. 
A local authenticated attacker could send a specially-crafted request containing \"dot dot\" sequences (/../) to access host files on the system. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119998_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119998>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6888_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6888>)** \nDESCRIPTION:** QEMU is vulnerable to a denial of service, caused by an integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c. A local authenticated attacker could exploit this vulnerability using the maximum fragmentation count to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119997_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119997>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6836_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6836>)** \nDESCRIPTION:** QEMU could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in vmxnet3_complete_packet function in hw/net/vmxnet3.c. By leveraging failure to initialize the txcq_descr object, an attacker could exploit this vulnerability to obtain sensitive host memory information. 
\nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120025_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120025>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 7.\n\n## Workarounds and Mitigations\n\nCustomers using v2.1 can work around the problem by upgrading to the fixed version of v3.1.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 Feb 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-18T01:35:35", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Qemu affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8743", "CVE-2015-8744", "CVE-2015-8745", "CVE-2015-8817", "CVE-2015-8818", "CVE-2016-1981", "CVE-2016-2197", "CVE-2016-2198", "CVE-2016-2391", "CVE-2016-2392", "CVE-2016-2538", "CVE-2016-2841", "CVE-2016-6490", "CVE-2016-6833", "CVE-2016-6834", "CVE-2016-6835", "CVE-2016-6836", "CVE-2016-6888", "CVE-2016-7116", "CVE-2016-7155", "CVE-2016-7156", "CVE-2016-7170", "CVE-2016-7421", "CVE-2016-7422", "CVE-2016-7466", "CVE-2016-7995", "CVE-2016-8576", "CVE-2016-8577", "CVE-2016-8578", "CVE-2016-9101", "CVE-2016-9102", "CVE-2016-9103", "CVE-2016-9104", "CVE-2016-9105", "CVE-2016-9106", "CVE-2016-9776", "CVE-2016-9907", "CVE-2016-9911", "CVE-2016-9913", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9923"], "modified": "2018-06-18T01:35:35", "id": "B367FA606C58481C89B4ED0BA9E6AEBC2E9112EE731CBFCDB561135B3870281D", "href": "https://www.ibm.com/support/pages/node/630931", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2022-05-19T21:17:26", "description": "Package : qemu\nVersion : 1:2.1+dfsg-12+deb8u7\nCVE ID : CVE-2015-8666 CVE-2016-2198 CVE-2016-6833 CVE-2016-6835\n CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-9602\n CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911\n CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921\n CVE-2016-9922 CVE-2016-10155 CVE-2017-2615 CVE-2017-2620\n CVE-2017-5525 CVE-2017-5526 CVE-2017-5579 CVE-2017-5667\n CVE-2017-5715 CVE-2017-5856 CVE-2017-5973 CVE-2017-5987\n CVE-2017-6505 CVE-2017-7377 CVE-2017-7493 CVE-2017-7718\n CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309\n CVE-2017-8379 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374\n CVE-2017-9503 CVE-2017-10806 CVE-2017-10911\n CVE-2017-11434 CVE-2017-14167 CVE-2017-15038\n CVE-2017-15289 CVE-2017-16845 CVE-2017-18030\n CVE-2017-18043 CVE-2018-5683 CVE-2018-7550\nDebian Bug : 813193 
834904 835031 840945 840950 847496 847951 847953\n 847960 851910 852232 853002 853006 853996 854731 855159\n 855611 855791 856399 856969 857744 859854 860785 861348\n 861351 862280 862289 863943 864216 864568 865754 867751\n 869171 869706 874606 877890 880832 882136 886532 887392\n 892041\n\nSeveral vulnerabilities were found in qemu, a fast processor emulator:\n\nCVE-2015-8666\n\n Heap-based buffer overflow in QEMU when built with the\n Q35-chipset-based PC system emulator\n\nCVE-2016-2198\n\n Null pointer dereference in ehci_caps_write in the USB EHCI support\n that may result in denial of service\n\nCVE-2016-6833\n\n Use after free while writing in the vmxnet3 device that could be used\n to cause a denial of service\n\nCVE-2016-6835\n\n Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device\n that could result in denial of service\n\nCVE-2016-8576\n\n Infinite loop vulnerability in xhci_ring_fetch in the USB xHCI support\n\nCVE-2016-8667 / CVE-2016-8669\n\n Divide by zero errors in set_next_tick in the JAZZ RC4030 chipset\n emulator, and in serial_update_parameters of some serial devices, that\n could result in denial of service\n\nCVE-2016-9602\n\n Improper link following with VirtFS\n\nCVE-2016-9603\n\n Heap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA\n emulator support\n\nCVE-2016-9776\n\n Infinite loop while receiving data in the ColdFire Fast Ethernet\n Controller emulator\n\nCVE-2016-9907\n\n Memory leakage in the USB redirector usb-guest support \n\nCVE-2016-9911\n\n Memory leakage in ehci_init_transfer in the USB EHCI support\n\nCVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916\n\n Plan 9 File System (9pfs): add missing cleanup operation in\n FileOperations, in the handle backend and in the proxy backend driver\n\nCVE-2016-9921 / CVE-2016-9922\n\n Divide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator\n support \n\nCVE-2016-10155\n\n Memory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS\n privileged 
users to cause a denial of service via a large number of\n device unplug operations.\n\nCVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 / CVE-2017-7718\n\n Out-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator\n support, that could result in denial of service\n\nCVE-2017-5525 / CVE-2017-5526\n\n Memory leakage issues in the ac97 and es1370 device emulation\n\nCVE-2017-5579\n\n Host memory leakage in the 16550A UART emulation\n\nCVE-2017-5667\n\n Out-of-bounds access during multi block SDMA transfer in the SDHCI\n emulation support.\n\nCVE-2017-5715\n\n Mitigations against the Spectre v2 vulnerability. For more information\n please refer to https://www.qemu.org/2018/01/04/spectre/\n\nCVE-2017-5856\n\n Memory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support\n\nCVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505\n\n Infinite loop issues in the USB xHCI, in the transfer mode register\n of the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n 9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\n Improper access control issues in the host directory sharing via\n 9pfs support.\n\nCVE-2017-7980\n\n Heap-based buffer overflow in the Cirrus VGA device that could allow\n local guest OS users to execute arbitrary code or cause a denial of\n service\n\nCVE-2017-8086\n\n 9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\n Infinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\n Host memory leakage issues via the audio capture buffer and the\n keyboard input event handlers \n\nCVE-2017-9330\n\n Infinite loop due to incorrect return value in USB OHCI that may\n result in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\n Host memory leakage during hot unplug in IDE AHCI and USB emulated\n devices that could result in denial of service\n\nCVE-2017-9503\n\n Null pointer dereference while processing megasas command\n\nCVE-2017-10806\n\n Stack buffer overflow in USB 
redirector\n\nCVE-2017-10911\n\n Xen disk may leak stack data via response ring\n\nCVE-2017-11434\n\n Out-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\n Out-of-bounds access while processing multiboot headers that could\n result in the execution of arbitrary code\n\nCVE-2017-15038\n\n 9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\n Out-of-bounds write access issue in the Cirrus graphic adaptor that\n could result in denial of service\n\nCVE-2017-16845\n\n Information leak in the PS/2 mouse and keyboard emulation support that\n could be exploited during instance migration \n\nCVE-2017-18043\n\n Integer overflow in the macro ROUND_UP (n, d) that could result in\n denial of service\n\nCVE-2018-7550\n\n Incorrect handling of memory during multiboot that could result in\n execution of arbitrary code\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.8}, "published": "2018-09-06T18:49:12", "type": "debian", "title": "[SECURITY] [DLA 1497-1] qemu security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8666", "CVE-2016-10155", "CVE-2016-2198", "CVE-2016-6833", "CVE-2016-6835", "CVE-2016-8576", "CVE-2016-8667", "CVE-2016-8669", "CVE-2016-9602", "CVE-2016-9603", "CVE-2016-9776", "CVE-2016-9907", "CVE-2016-9911", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9922", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11434", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15289", "CVE-2017-16845", "CVE-2017-18030", "CVE-2017-18043", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5579", "CVE-2017-5667", "CVE-2017-5715", "CVE-2017-5856", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505", "CVE-2017-7377", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9503", "CVE-2018-5683", "CVE-2018-7550"], "modified": "2018-09-06T18:49:12", "id": "DEBIAN:DLA-1497-1:58644", "href": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}