Your submission was sent successfully! Close

CVE-2016-8576

Published: 4 November 2016

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

Notes

AuthorNote
tyhicks
Privileged user inside the guest can trigger a DoS of the QEMU host
process
Priority

Low

CVSS 3 base score: 6.0

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (2.0.0+dfsg-2ubuntu1.30)
upstream Needed

xenial
Released (1:2.5+dfsg-5ubuntu10.6)
yakkety
Released (1:2.6.1+dfsg-0ubuntu5.1)
Patches:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
qemu-kvm
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist

upstream Needs triage

xenial Does not exist

yakkety Does not exist