Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2016-9911

Published: 23/12/2016 Updated: 13/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Qemu

Vulnerability Summary

Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

debian debian linux 8.0

redhat openstack 7.0

redhat openstack 6.0

redhat openstack 10

redhat openstack 9

redhat openstack 8

redhat openstack 11

redhat virtualization 4.0

Vendor Advisories

Ubuntu Security Notice: qemu vulnerabilities
Several security issues were fixed in QEMU ...
Red Hat: CVE-2016-9911
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue It could occur while processing packet data in 'ehci_init_transfer' A guest user/process could use this issue to leak host memory, resulting in DoS for a host ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8577: 9pfs: host memory leakage in v9fs_read
Debian Bug report logs - #840341 qemu: CVE-2016-8577: 9pfs: host memory leakage in v9fs_read Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Oct 2016 18:33:02 UTC Severity: normal Tags: patch, ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8578
Debian Bug report logs - #840340 qemu: CVE-2016-8578 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Oct 2016 18:30:02 UTC Severity: normal Tags: patch, security, upstream Found in version qem ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9908: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset
Debian Bug report logs - #847400 qemu: CVE-2016-9908: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Dec 2016 20:57:04 UTC S ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8669: char: divide by zero error in serial_update_parameters
Debian Bug report logs - #840945 qemu: CVE-2016-8669: char: divide by zero error in serial_update_parameters Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 11:57:01 UTC Severity: norm ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9846: display: virtio-gpu: memory leakage while updating cursor
Debian Bug report logs - #847382 qemu: CVE-2016-9846: display: virtio-gpu: memory leakage while updating cursor Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Dec 2016 18:30:04 UTC Severity: i ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916
Debian Bug report logs - #847496 qemu: CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Dec 2016 19:15:02 UTC Severity: important Tags: pa ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9776: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive
Debian Bug report logs - #846797 qemu: CVE-2016-9776: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 3 Dec 2016 12:48:01 UTC S ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-7170: vmware_vga: OOB stack memory access when processing svga command
Debian Bug report logs - #837316 qemu: CVE-2016-7170: vmware_vga: OOB stack memory access when processing svga command Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 10 Sep 2016 13:21:01 UTC Seve ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9845: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info
Debian Bug report logs - #847381 qemu: CVE-2016-9845: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Dec 2016 18:30:01 U ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9923: char: use after free issue in char backend
Debian Bug report logs - #847957 qemu: CVE-2016-9923: char: use after free issue in char backend Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 12 Dec 2016 15:57:02 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-7909: net: pcnet: infinite loop in pcnet_rdra_addr
Debian Bug report logs - #839834 qemu: CVE-2016-7909: net: pcnet: infinite loop in pcnet_rdra_addr Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 5 Oct 2016 15:15:02 UTC Severity: normal Tags: s ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx
Debian Bug report logs - #839835 qemu: CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 5 Oct 2016 15:33:01 UTC Severity: normal Tags: security, ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8910: net: rtl8139: infinite loop while transmit in C+ mode
Debian Bug report logs - #841955 qemu: CVE-2016-8910: net: rtl8139: infinite loop while transmit in C+ mode Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 24 Oct 2016 19:45:04 UTC Severity: norma ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9911: usb: ehci: memory leakage in ehci_init_transfer
Debian Bug report logs - #847951 qemu: CVE-2016-9911: usb: ehci: memory leakage in ehci_init_transfer Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 12 Dec 2016 15:27:07 UTC Severity: important T ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8909: audio: intel-hda: infinite loop in processing dma buffer stream
Debian Bug report logs - #841950 qemu: CVE-2016-8909: audio: intel-hda: infinite loop in processing dma buffer stream Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 24 Oct 2016 18:57:01 UTC Sever ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9921 CVE-2016-9922
Debian Bug report logs - #847960 qemu: CVE-2016-9921 CVE-2016-9922 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 12 Dec 2016 16:09:01 UTC Severity: important Tags: patch, security, upstream Fou ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9907: usb: redirector: memory leakage when destroying redirector
Debian Bug report logs - #847953 qemu: CVE-2016-9907: usb: redirector: memory leakage when destroying redirector Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 12 Dec 2016 15:39:02 UTC Severity: ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-7995: usb: hcd-ehci: memory leak in ehci_process_itd
Debian Bug report logs - #840236 qemu: CVE-2016-7995: usb: hcd-ehci: memory leak in ehci_process_itd Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 9 Oct 2016 19:33:01 UTC Severity: normal Tags: ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8576: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
Debian Bug report logs - #840343 qemu: CVE-2016-8576: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Oct 2016 18:39:01 UTC Severity: n ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-7994: virtio-gpu: memory leak in virtio_gpu_resource_create_2d
Debian Bug report logs - #840228 qemu: CVE-2016-7994: virtio-gpu: memory leak in virtio_gpu_resource_create_2d Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 9 Oct 2016 18:12:01 UTC Severity: no ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8668: net: OOB buffer access in rocker switch emulation
Debian Bug report logs - #840948 qemu: CVE-2016-8668: net: OOB buffer access in rocker switch emulation Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 12:12:04 UTC Severity: normal Ta ...
Debian CVElist Bug Report Logs: qemu: Various 9ps security issues (CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106)
Debian Bug report logs - #842463 qemu: Various 9ps security issues (CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106) Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigx ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9912: display: virtio-gpu: memory leakage when destroying gpu resource
Debian Bug report logs - #847391 qemu: CVE-2016-9912: display: virtio-gpu: memory leakage when destroying gpu resource Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Dec 2016 19:30:01 UTC Seve ...

References

CWE-772http://www.securityfocus.com/bid/94762http://www.openwall.com/lists/oss-security/2016/12/08/5https://security.gentoo.org/glsa/201701-49https://access.redhat.com/errata/RHSA-2017:2408https://access.redhat.com/errata/RHSA-2017:2392https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlhttps://usn.ubuntu.com/3261-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook