Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.6
CVSSv2

CVE-2016-2857

Published: 12/04/2016 Updated: 12/02/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.4 | Impact Score: 5.8 | Exploitability Score: 2
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Qemu

Vulnerability Summary

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

canonical ubuntu linux 16.04

canonical ubuntu linux 15.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

debian debian linux 8.0

redhat openstack 5.0

redhat virtualization 3.0

redhat virtualization 4.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat openstack 7.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat openstack 6.0

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux eus 7.6

redhat openstack 9

redhat openstack 8

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

Vendor Advisories

Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 70 (Kilo) for RHEL 7Red Hat Product Security has rated this update as having a security im ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 60 (Juno) for RHEL 7Red Hat Product Security has rated this update as having a security im ...
Red Hat: Important: qemu-kvm-rhev security and bug fix update
Synopsis Important: qemu-kvm-rhev security and bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for RHEV 3X Hypervisor and Agents for RHEL-7 and RHEV 4X RHEV-H and Agents for RHEL-7Red Hat Product Security has rated this update as having a secur ...
Red Hat: Low: qemu-kvm security and bug fix update
Synopsis Low: qemu-kvm security and bug fix update Type/Severity Security Advisory: Low Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, whi ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 80 (Liberty)Red Hat Product Security has rated this update as having a security impact of Moderate A Commo ...
Red Hat: Important: qemu-kvm security and bug fix update
Synopsis Important: qemu-kvm security and bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 50 (Icehouse) for RHEL 7Red Hat Product Security has rated this update as having a securit ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...
Red Hat: Important: qemu-kvm-rhev security update
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 50 (Icehouse) for RHEL 6Red Hat Product Security has rated this update as having a security impact of Important A ...
Red Hat: Important: qemu-kvm-rhev security update
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for RHEV 3X Hypervisor and Agents for RHEL-6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scorin ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2538: usb: integer overflow in remote NDIS control message handling
Debian Bug report logs - #815680 qemu: CVE-2016-2538: usb: integer overflow in remote NDIS control message handling Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 23 Feb 2016 16:54:02 UTC Severit ...
Debian CVElist Bug Report Logs: CVE-2016-2197: ide: ahci null pointer dereference when using FIS CLB engines
Debian Bug report logs - #813194 CVE-2016-2197: ide: ahci null pointer dereference when using FIS CLB engines Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Sat, 30 Jan 2016 11:30:01 UTC Severity: important T ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4001: net: buffer overflow in stellaris_enet emulator
Debian Bug report logs - #821038 qemu: CVE-2016-4001: net: buffer overflow in stellaris_enet emulator Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 14 Apr 2016 21:18:05 UTC Severity: important T ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2392: usb: null pointer dereference in remote NDIS control message handling
Debian Bug report logs - #815008 qemu: CVE-2016-2392: usb: null pointer dereference in remote NDIS control message handling Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Feb 2016 16:42:01 UTC ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive
Debian Bug report logs - #817181 qemu: CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 Mar 2016 19:18:02 UTC Severity: important Tags ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2858: rng-random: arbitrary stack based allocation leading to corruption
Debian Bug report logs - #817183 qemu: CVE-2016-2858: rng-random: arbitrary stack based allocation leading to corruption Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 Mar 2016 19:21:02 UTC Se ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2391: usb: multiple eof_timers in ohci leads to null pointer dereference
Debian Bug report logs - #815009 qemu: CVE-2016-2391: usb: multiple eof_timers in ohci leads to null pointer dereference Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Feb 2016 16:42:06 UTC Se ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4037: usb: Infinite loop vulnerability in usb_ehci using siTD process
Debian Bug report logs - #822344 qemu: CVE-2016-4037: usb: Infinite loop vulnerability in usb_ehci using siTD process Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Apr 2016 17:27:01 UTC Sever ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2857: net: out of bounds read in net_checksum_calculate
Debian Bug report logs - #817182 qemu: CVE-2016-2857: net: out of bounds read in net_checksum_calculate Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 Mar 2016 19:18:06 UTC Severity: important ...
Debian CVElist Bug Report Logs: CVE-2016-2198: usb: ehci null pointer dereference in ehci_caps_write
Debian Bug report logs - #813193 CVE-2016-2198: usb: ehci null pointer dereference in ehci_caps_write Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Sat, 30 Jan 2016 11:24:01 UTC Severity: important Tags: pat ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-3710 CVE-2016-3712
Debian Bug report logs - #823830 qemu: CVE-2016-3710 CVE-2016-3712 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 9 May 2016 12:27:02 UTC Severity: grave Tags: security, upstream Found in versi ...
Red Hat: CVE-2016-2857
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size A user inside a guest could use this flaw to crash the QEMU process (denial of se ...

References

CWE-119http://www.openwall.com/lists/oss-security/2016/03/03/9http://www.openwall.com/lists/oss-security/2016/03/07/3http://www.ubuntu.com/usn/USN-2974-1http://www.securityfocus.com/bid/84130http://rhn.redhat.com/errata/RHSA-2017-0350.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0344.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0334.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0309.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0083.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2706.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2705.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2704.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2671.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2670.htmlhttps://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlhttp://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572bhttps://usn.ubuntu.com/2974-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook