Published: 10/12/2016 Updated: 12/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
debian debian linux 8.0

Several security issues were fixed in QEMU ...

Debian Bug report logs - #838850 qemu: CVE-2016-7161 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Sep 2016 18:27:02 UTC Severity: important Tags: patch, security, upstream Found in versions ...

Debian Bug report logs - #838146 qemu: CVE-2016-7422: virtio: null pointer dereference in virtqueue_map_desc Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 17 Sep 2016 17:57:13 UTC Severity: impo ...

Debian Bug report logs - #838147 qemu: CVE-2016-7421: scsi: pvscsi: infinite loop when processing IO requests Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 17 Sep 2016 18:00:01 UTC Severity: nor ...

Debian Bug report logs - #838145 qemu: CVE-2016-7423: scsi: mptsas: OOB access when freeing MPTSASRequest object Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 17 Sep 2016 17:57:09 UTC Severity: ...

The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsic in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size ...

CWE-834 http://www.openwall.com/lists/oss-security/2016/09/16/3 https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html http://www.openwall.com/lists/oss-security/2016/09/16/9 http://www.securityfocus.com/bid/92998 https://security.gentoo.org/glsa/201609-01 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d251157ac1928191af851d199a9ff255d330bec9 https://usn.ubuntu.com/3125-1/https://nvd.nist.gov

CVE-2016-7421

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect