8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P
qemu-kvm is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b
git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b
rhn.redhat.com/errata/RHSA-2016-2670.html
rhn.redhat.com/errata/RHSA-2016-2671.html
rhn.redhat.com/errata/RHSA-2016-2704.html
rhn.redhat.com/errata/RHSA-2016-2705.html
rhn.redhat.com/errata/RHSA-2016-2706.html
rhn.redhat.com/errata/RHSA-2017-0083.html
rhn.redhat.com/errata/RHSA-2017-0309.html
rhn.redhat.com/errata/RHSA-2017-0334.html
rhn.redhat.com/errata/RHSA-2017-0344.html
rhn.redhat.com/errata/RHSA-2017-0350.html
www.openwall.com/lists/oss-security/2016/03/03/9
www.openwall.com/lists/oss-security/2016/03/07/3
www.securityfocus.com/bid/84130
www.ubuntu.com/usn/USN-2974-1
access.redhat.com/errata/RHSA-2016:2670
access.redhat.com/errata/RHSA-2016:2671
access.redhat.com/errata/RHSA-2016:2704
access.redhat.com/errata/RHSA-2016:2705
access.redhat.com/errata/RHSA-2016:2706
access.redhat.com/errata/RHSA-2017:0083
access.redhat.com/errata/RHSA-2017:0309
access.redhat.com/errata/RHSA-2017:0334
access.redhat.com/errata/RHSA-2017:0344
access.redhat.com/errata/RHSA-2017:0350
access.redhat.com/security/cve/CVE-2016-2857
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1296567
bugzilla.redhat.com/show_bug.cgi?id=1408389
lists.debian.org/debian-lts-announce/2018/11/msg00038.html
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P