Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2016-5403

Published: 2 August 2016

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Notes

AuthorNote
mdeslaur 
the patch for this CVE introduced a regression and was later
reverted pending investigation. See LP: #1612089.
proposed regression fixes:
http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg01038.html
http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02666.html

Priority

Medium

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty
Released (2.0.0+dfsg-2ubuntu1.30)
upstream Needs triage

wily Ignored
(end of life)
xenial
Released (1:2.5+dfsg-5ubuntu10.6)
yakkety
Released (1:2.6.1+dfsg-0ubuntu5.1)
Patches:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=afd9096eb1882f23929f5b5c177898ed231bac66
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=bccdef6b1a204db0f41ffb6e24ce373e4d7890d4
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=58a83c61496eeb0d31571a07a51bc1947e3379ac
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=4b7f91ed0270a371e1933efa21ba600b6da23ab9
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=104e70cae78bd4afd95d948c6aff188f10508a9c
qemu-kvm
Launchpad, Ubuntu, Debian 		precise
Released (1.0+noroms-0ubuntu14.31)
trusty Does not exist

upstream Needs triage

wily Does not exist

xenial Does not exist

yakkety Does not exist

xen
Launchpad, Ubuntu, Debian 		precise
Released (4.1.6.1-0ubuntu0.12.04.12)
trusty
Released (4.4.2-0ubuntu0.14.04.7)
upstream Needs triage

wily Ignored
(end of life)
xenial Not vulnerable
(uses system qemu)
yakkety Not vulnerable
(uses system qemu)
Binaries built from this source package are in Universe and so are supported by the community.

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading