CVE-2016-9914
Ubuntu Security Notice USN-3261-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
Fuga de memoria en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permite a usuarios locales privilegiados del SO huésped provocar una denegación de servicio (consumo de memoria del host y posiblemente caída de proceso QEMU) aprovechando una operación de limpieza perdida en FileOperations.
Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-08 CVE Reserved
- 2016-12-29 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2016/12/06/11 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2016/12/08/7 | Mailing List |
|
| http://www.securityfocus.com/bid/94729 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html | 2023-02-12 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201701-49 | 2023-02-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | <= 2.7.1 Search vendor "Qemu" for product "Qemu" and version " <= 2.7.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.8.0 Search vendor "Qemu" for product "Qemu" and version "2.8.0" | rc0 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.8.0 Search vendor "Qemu" for product "Qemu" and version "2.8.0" | rc1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||