CVE-2016-8576 – Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
https://notcve.org/view.php?id=CVE-2016-8576
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. La función xhci_ring_fetch en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) aprovechando el fallo para limitar el número de enlaces Transfer Request Blocks (TRB) al proceso. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/10/12 http://www.openwall.com/lists/oss-security/2016/10/10/6 http://www.securityfocus.com/bid/93469 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:/ • CWE-770: Allocation of Resources Without Limits or Throttling CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2016-8909 – Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
https://notcve.org/view.php?id=CVE-2016-8909
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. La función intel_hda_xfer en hw/audio/intel-hda.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una entrada con el mismo valor para la longitud del búfer y posición del puntero. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/24/1 http://www.openwall.com/lists/oss-security/2016/10/24/4 http://www.securityfocus.com/bid/93842 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html https://security. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2016-8910 – Qemu: net: rtl8139: infinite loop while transmit in C+ mode
https://notcve.org/view.php?id=CVE-2016-8910
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. La función rtl8139_cplus_transmit en hw/net/rtl8139.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y consumo de CPU) aprovechando el fallo para limitar el recuento del descriptor del anillo. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/24/2 http://www.openwall.com/lists/oss-security/2016/10/24/5 http://www.securityfocus.com/bid/93844 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html https://security. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2016-8669 – Qemu: char: divide by zero error in serial_update_parameters
https://notcve.org/view.php?id=CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. La función serial_update_parameters en hw/char/serial.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (error de división por cero y caída del proceso QEMU) a través de vectores que involucran un valor de divisor mayor que la base baud. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01 http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/14/9 http://www.openwall.com/lists/oss-security/2016/10/15/5 http://www.securityfocus.com/bid/93563 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:/ • CWE-369: Divide By Zero •
CVE-2016-7422 – Qemu: virtio: null pointer dereference in virtqueu_map_desc
https://notcve.org/view.php?id=CVE-2016-7422
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. La función virtqueue_map_desc en hw/virtio/virtio.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (referencia a puntero NULL y caída del proceso QEMU) a través de un gran valor de longitud de búfer descriptor de I/O. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0 http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/09/16/10 http://www.openwall.com/lists/oss-security/2016/09/16/4 http://www.securityfocus.com/bid/92996 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html https: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-476: NULL Pointer Dereference •