CVE-2016-2198

Published: 29 January 2016

QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.0.0+dfsg-2ubuntu1.22)
Patches:
Other: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist