CVE-2016-7907

Published: 05/10/2016 Updated: 10/11/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.

Vulnerable Product

qemu qemu

qemu qemu 2.9.0

Vendor Advisories

Several security issues were fixed in QEMU ...
Debian Bug report logs - #855616 qemu: CVE-2017-6058: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 20 Feb 2017 19:51:01 UTC ...
Debian Bug report logs - #854731 qemu: CVE-2017-2615 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 9 Feb 2017 22:45:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in vers ...
Debian Bug report logs - #854730 CVE-2017-5931 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 9 Feb 2017 22:42:04 UTC Severity: important Tags: security Fixed in version qemu/1:2.8+dfsg-3 Done: Mic ...
Debian Bug report logs - #855227 qemu: CVE-2017-2630: nbd: oob stack write in client routine drop_sync Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 15 Feb 2017 18:21:01 UTC Severity: grave Tags ...
Debian Bug report logs - #855159 qemu: CVE-2017-5987: sd: infinite loop issue in multi block transfers Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 14 Feb 2017 19:45:02 UTC Severity: important ...
Debian Bug report logs - #854729 CVE-2017-5898 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 9 Feb 2017 22:42:01 UTC Severity: important Tags: security Fixed in version qemu/1:2.8+dfsg-3 Done: Mic ...
Debian Bug report logs - #839986 qemu: CVE-2016-7907: net: inifinte loop in imx_fec_do_tx() function Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 7 Oct 2016 06:45:01 UTC Severity: normal Tags: ...
Debian Bug report logs - #855791 qemu: CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is safe Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 21 Feb 2017 16:06:01 UTC Seve ...
Debian Bug report logs - #853996 CVE-2017-5667 / CVE-2017-5856 / CVE-2017-5857 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 2 Feb 2017 22:06:02 UTC Severity: important Tags: security Fixed in vers ...
Debian Bug report logs - #853002 qemu: CVE-2017-5579: serial: host memory leakage 16550A UART emulation Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 28 Jan 2017 20:51:04 UTC Severity: normal Ta ...
Debian Bug report logs - #855611 qemu: CVE-2017-5973: usb: infinite loop while doing control transfer in xhci_kick_epctx Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 20 Feb 2017 19:21:04 UTC Se ...
Debian Bug report logs - #853006 qemu: CVE-2016-9602: 9p: virtfs allows guest to access host filesystem Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 28 Jan 2017 21:18:01 UTC Severity: grave Tag ...