CVE-2016-7422

CVSS V2 Low 2.1 CVSS V3 Medium 6

Description

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

Overview

CVE ID
CVE-2016-7422

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2016-12-10T00:59:18

Last Modified Date
2023-02-12T23:25:25

Weakness Enumerations

CWE	URL
CWE-120	http://cwe.mitre.org/data/definitions/120.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:a:qemu:qemu::::::::	1	OR	2.7.1
		AND
cpe:2.3:o:opensuse:leap:42.2:::::::*	1	OR
		AND
cpe:2.3:a:redhat:openstack:6.0:::::::*	1	OR
cpe:2.3:a:redhat:openstack:7.0:::::::*	1	OR
cpe:2.3:a:redhat:openstack:8:::::::*	1	OR
cpe:2.3:a:redhat:openstack:9:::::::*	1	OR
cpe:2.3:a:redhat:openstack:10:::::::*	1	OR
cpe:2.3:a:redhat:openstack:11:::::::*	1	OR
		AND
cpe:2.3:a:redhat:virtualization:4.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*	0	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector
LOCAL

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
2.1

Severity
LOW

Exploitability Score
3.9

Impact Score
2.9

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector
LOCAL

Attack Compatibility
LOW

Privileges Required
HIGH

User Interaction
NONE

Scope
CHANGED

Confidentiality Impact
NONE

Availability Impact
HIGH

Base Score
6

Base Severity
MEDIUM

Exploitability Score
1.5

Impact Score
4

References

Reference URL	Reference Tags
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/16/10	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/16/4	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/92996	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2016-7422
https://bugzilla.redhat.com/show_bug.cgi?id=1376755
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html	Patch Third Party Advisory
https://security.gentoo.org/glsa/201609-01	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2016-7422
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7422

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 06:58:22				Added to TrackCVE
2022-12-02 12:18:34	2016-12-10T00:59Z	2016-12-10T00:59:18	CVE Published Date	updated
2022-12-02 12:18:34		2021-08-04T17:15:35	CVE Modified Date	updated
2022-12-02 12:18:34		Analyzed	Vulnerability Status	updated
2023-02-02 23:05:46		2023-02-02T21:17:21	CVE Modified Date	updated
2023-02-02 23:05:46	Analyzed	Modified	Vulnerability Status	updated
2023-02-02 23:05:47	The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.	CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc	Description	updated
2023-02-02 23:05:49			References	updated
2023-02-13 01:06:55		2023-02-12T23:25:25	CVE Modified Date	updated
2023-02-13 01:06:55	CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc	The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.	Description	updated