CVE-2016-2198

Published: 29/12/2016 Updated: 10/11/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

QEMU (aka Quick Emulator) built with USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside a guest could use this flaw to crash the QEMU process instance, resulting in DoS.

Vulnerable Product

qemu qemu

qemu qemu 2.6.0

debian debian linux 8.0

Vendor Advisories

Several security issues were fixed in QEMU ...
Debian Bug report logs - #815680 qemu: CVE-2016-2538: usb: integer overflow in remote NDIS control message handling Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 23 Feb 2016 16:54:02 UTC Severit ...
Debian Bug report logs - #813194 CVE-2016-2197: ide: ahci null pointer dereference when using FIS CLB engines Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Michael Tokarev <mjt@tls.msk.ru> Date: Sat, 30 Jan 2016 11:30:01 UTC Severity: important T ...
Debian Bug report logs - #821038 qemu: CVE-2016-4001: net: buffer overflow in stellaris_enet emulator Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 14 Apr 2016 21:18:05 UTC Severity: important T ...
Debian Bug report logs - #815008 qemu: CVE-2016-2392: usb: null pointer dereference in remote NDIS control message handling Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 17 Feb 2016 16:42:01 UTC ...
Debian Bug report logs - #817181 qemu: CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 8 Mar 2016 19:18:02 UTC Severity: important Tags ...
Debian Bug report logs - #817183 qemu: CVE-2016-2858: rng-random: arbitrary stack based allocation leading to corruption Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 8 Mar 2016 19:21:02 UTC Se ...
Debian Bug report logs - #815009 qemu: CVE-2016-2391: usb: multiple eof_timers in ohci leads to null pointer dereference Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 17 Feb 2016 16:42:06 UTC Se ...
Debian Bug report logs - #822344 qemu: CVE-2016-4037: usb: Infinite loop vulnerability in usb_ehci using siTD process Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 23 Apr 2016 17:27:01 UTC Sever ...
Debian Bug report logs - #817182 qemu: CVE-2016-2857: net: out of bounds read in net_checksum_calculate Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 8 Mar 2016 19:18:06 UTC Severity: important ...
Debian Bug report logs - #813193 CVE-2016-2198: usb: ehci null pointer dereference in ehci_caps_write Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Michael Tokarev <mjt@tls.msk.ru> Date: Sat, 30 Jan 2016 11:24:01 UTC Severity: important Tags: pat ...
Debian Bug report logs - #823830 qemu: CVE-2016-3710 CVE-2016-3712 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 9 May 2016 12:27:02 UTC Severity: grave Tags: security, upstream Found in versi ...
A NULL pointer dereference flaw was found in the QEMU emulator built with USB EHCI emulation support. The flaw could occur when an application attempts to write to EHCI-capability registers. A privileged user inside a guest could exploit this flaw to crash the QEMU process instance (denial of service) ...