CVE-2016-1714: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in Qemu

Severity
8.1 HIGH (NVD)
EPSS
0.3% (top 43.03%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 7, 2016
Latest update: May 13, 2022

Description

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.

Two points worth reading into that text. First, the CAP_SYS_RAWIO requirement is a guest-side privilege: fw_cfg is driven through I/O ports on x86 (an MMIO region on other targets), so only the guest kernel or a guest process allowed raw port access can reach it, but what crashes is the QEMU process on the host, so the guest-to-host boundary is what is at stake. Second, the bound "before 2.4" should not be taken as a statement that 2.4.x and 2.5.0 are clean: the Debian entry below records the fix in a 2.5-based package (1:2.5+dfsg-4), so check your distribution's advisory rather than the upstream version number alone.
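The flaw in the description is a "sentinel that is also a valid-looking index" bug: the selector register rejects out-of-range keys by storing a sentinel, and the data-port path then masks that sentinel into a table index without first asking whether anything is selected. The C model below is an added illustration, not QEMU's own hw/nvram/fw_cfg.c. The register constants (MAX_ENTRY, ARCH_LOCAL, WRITE_CHANNEL, ENTRY_MASK, INVALID_ENTRY), the Entry and FwCfg types, and the sample entry contents are assumptions chosen to mirror the shape of the real interface; the hardened read refuses to derive the entry pointer while the sentinel is selected, which is the approach the upstream fix is understood to take (treat that as an assumption too).

```c
/* Simplified model of the fw_cfg selector/data register path described in
 * the advisory. Added illustration: this is NOT QEMU's hw/nvram/fw_cfg.c,
 * and the constants below are assumptions chosen to mirror the shape of
 * the real interface (a 16-bit selector whose top two bits are flags, an
 * all-ones "nothing selected" sentinel, a small per-arch entry table). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRY      0x30u    /* assumed: entries per arch bank            */
#define ARCH_LOCAL     0x8000u  /* assumed: flag selecting the arch bank     */
#define WRITE_CHANNEL  0x4000u  /* assumed: flag bit, not part of the index  */
#define ENTRY_MASK     0x3fffu  /* selector bits that form the table index   */
#define INVALID_ENTRY  0xffffu  /* assumed sentinel: nothing selected        */

typedef struct { const uint8_t *data; uint32_t len; } Entry;

typedef struct {
    Entry    entries[2][MAX_ENTRY];  /* [0] = common bank, [1] = arch bank */
    uint16_t cur_entry;
    uint32_t cur_offset;
} FwCfg;

/* Selector write from the guest. Keys outside the table are "rejected" by
 * storing the sentinel, exactly the value the vulnerable path later trusts. */
static void select_entry(FwCfg *s, uint16_t key)
{
    s->cur_offset = 0;
    s->cur_entry  = ((key & ENTRY_MASK) >= MAX_ENTRY) ? (uint16_t)INVALID_ENTRY : key;
}

/* Vulnerable pattern: derive the table index from the selector BEFORE
 * checking whether anything is selected. For INVALID_ENTRY the masked value
 * is 0x3fff, far past MAX_ENTRY, so &entries[arch][idx] would point outside
 * the structure and a data-port read or write would touch that memory.
 * This helper only reports the index the flawed code would have used. */
static unsigned vuln_index(const FwCfg *s, unsigned *arch)
{
    *arch = !!(s->cur_entry & ARCH_LOCAL);
    return s->cur_entry & ENTRY_MASK;
}

static int index_in_bounds(unsigned idx) { return idx < MAX_ENTRY; }

/* Hardened data-port read: reject the sentinel before touching the table,
 * then re-check the index against the table size instead of trusting the
 * mask. Returns the next byte, or -1 when nothing readable is selected. */
static int safe_read(FwCfg *s)
{
    if (s->cur_entry == INVALID_ENTRY)
        return -1;
    unsigned arch = !!(s->cur_entry & ARCH_LOCAL);
    unsigned idx  = s->cur_entry & ENTRY_MASK;
    if (idx >= MAX_ENTRY)
        return -1;
    const Entry *e = &s->entries[arch][idx];
    if (!e->data || s->cur_offset >= e->len)
        return -1;
    return e->data[s->cur_offset++];
}

/* Constructed sample content: one entry in slot 0 of the common bank. */
static const uint8_t sample_sig[4] = { 'Q', 'E', 'M', 'U' };

static void setup_demo(FwCfg *s)
{
    memset(s, 0, sizeof *s);
    s->entries[0][0].data = sample_sig;
    s->entries[0][0].len  = sizeof sample_sig;
    s->cur_entry = (uint16_t)INVALID_ENTRY;
}

int main(void)
{
    FwCfg s;
    unsigned arch, idx;
    setup_demo(&s);

    select_entry(&s, 0x0000);                   /* valid key */
    printf("key 0x0000: safe_read -> %c\n", safe_read(&s));

    select_entry(&s, 0x1234);                   /* out-of-range key -> sentinel */
    idx = vuln_index(&s, &arch);
    printf("key 0x1234: cur_entry=0x%04x, flawed index=0x%x (%s), safe_read -> %d\n",
           s.cur_entry, idx, index_in_bounds(idx) ? "in bounds" : "OUT OF BOUNDS",
           safe_read(&s));
    return 0;
}
```

The second printed line is the point: an out-of-range selector becomes the sentinel, the flawed index computation turns that sentinel into 0x3fff against a 0x30-entry table, and the hardened read returns -1 instead of forming a pointer. The same ordering applies to the write side, where the consequence is an out-of-bounds write rather than a read.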

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.4 | Impact: 6.0 | Base score: 8.1 (High)

Reading the vector: AV:L because the attacker must already be running inside a guest on the host; S:C because a successful attack leaves the guest and affects the host-side QEMU process; PR:N because the privileges metric is scored against the vulnerable component (the hypervisor process on the host), on which the attacker holds no account, even though CAP_SYS_RAWIO is needed inside the guest.
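The sub-scores on the vector line can be reproduced from the CVSS v3.0 base equations. The C program below is an added worked example, not cvebase's or NVD's code; the metric weights and formulas are the published CVSS v3.0 ones, while the minimal substring-based vector parser is this example's own simplification (it assumes a well-formed vector with one value per metric).

```c
/* CVSS v3.0 base score worked through for the vector on this page.
 * Added illustration, not code from cvebase or NVD. Metric weights and
 * formulas are the published CVSS v3.0 base equations; the parser is a
 * minimal substring search, adequate for well-formed vectors only. */
#include <stdio.h>
#include <string.h>

typedef struct {
    double exploitability;  /* unrounded sub-score */
    double impact;          /* unrounded sub-score */
    double base;            /* rounded-up base score, 0..10 */
    int    scope_changed;
} Cvss3Base;

/* Value letter following "/KEY:" in the vector, or 0 if absent. The leading
 * slash keeps "/S:" from matching the "S:" inside the "CVSS:3.0" prefix. */
static char metric(const char *vec, const char *key)
{
    const char *p = strstr(vec, key);
    return p ? p[strlen(key)] : 0;
}

/* (x)^15 by repeated multiplication so the example needs no libm. */
static double pow15(double b) { double r = 1.0; for (int k = 0; k < 15; k++) r *= b; return r; }

/* CVSS "Roundup": smallest one-decimal number >= x, done in integer
 * arithmetic so floating-point noise cannot turn 8.08 into 8.2. */
static double roundup1(double x)
{
    long v = (long)(x * 100000.0 + 0.5);          /* x is non-negative here */
    if (v % 10000 == 0) return v / 100000.0;
    return (double)(v / 10000 + 1) / 10.0;
}

/* Plain rounding to one decimal, the way NVD displays the sub-scores. */
static double round1(double x) { return (double)(long)(x * 10.0 + 0.5) / 10.0; }

static int    cia_ok(char v)     { return v == 'H' || v == 'L' || v == 'N'; }
static double cia_weight(char v) { return v == 'H' ? 0.56 : v == 'L' ? 0.22 : 0.0; }

/* Returns 0 and fills *out on success, -1 on an unrecognised metric value. */
static int cvss3_base(const char *vec, Cvss3Base *out)
{
    char av = metric(vec, "/AV:"), ac = metric(vec, "/AC:"), pr = metric(vec, "/PR:"),
         ui = metric(vec, "/UI:"), s  = metric(vec, "/S:"),  c  = metric(vec, "/C:"),
         i  = metric(vec, "/I:"),  a  = metric(vec, "/A:");
    double w_av, w_ac, w_pr, w_ui, iss;
    int changed;

    if (s != 'C' && s != 'U') return -1;
    changed = (s == 'C');
    switch (av) { case 'N': w_av = 0.85; break; case 'A': w_av = 0.62; break;
                  case 'L': w_av = 0.55; break; case 'P': w_av = 0.20; break;
                  default: return -1; }
    switch (ac) { case 'L': w_ac = 0.77; break; case 'H': w_ac = 0.44; break;
                  default: return -1; }
    /* PR weights are higher when scope is changed. */
    switch (pr) { case 'N': w_pr = 0.85; break;
                  case 'L': w_pr = changed ? 0.68 : 0.62; break;
                  case 'H': w_pr = changed ? 0.50 : 0.27; break;
                  default: return -1; }
    switch (ui) { case 'N': w_ui = 0.85; break; case 'R': w_ui = 0.62; break;
                  default: return -1; }
    if (!cia_ok(c) || !cia_ok(i) || !cia_ok(a)) return -1;

    iss = 1.0 - (1.0 - cia_weight(c)) * (1.0 - cia_weight(i)) * (1.0 - cia_weight(a));
    out->scope_changed  = changed;
    out->exploitability = 8.22 * w_av * w_ac * w_pr * w_ui;
    out->impact = changed ? 7.52 * (iss - 0.029) - 3.25 * pow15(iss - 0.02)
                          : 6.42 * iss;
    if (out->impact <= 0.0) {
        out->base = 0.0;
    } else {
        double sum = out->impact + out->exploitability;
        if (changed) sum *= 1.08;
        out->base = roundup1(sum > 10.0 ? 10.0 : sum);
    }
    return 0;
}

int main(void)
{
    Cvss3Base b;
    const char *vec = "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H";
    if (cvss3_base(vec, &b) != 0) { fprintf(stderr, "bad vector\n"); return 1; }
    printf("%s\nExploitability: %.1f | Impact: %.1f | Base: %.1f\n",
           vec, round1(b.exploitability), round1(b.impact), b.base);
    return 0;
}
```

The displayed Exploitability and Impact are the unrounded sub-scores rounded to one decimal, as NVD shows them; only the final base score goes through the CVSS Roundup, which is why an unrounded 8.08 is reported as 8.1 rather than 8.0.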

Affected Packages (4 packages)

Source   Package       Affected versions
Debian   qemu/qemu     < 1:2.5+dfsg-4 (+3 more)
NVD      qemu/qemu     2.3.0
NVD      oracle/linux  6, 7 (+1 more)

🔴 Vulnerability Details (3)

GHSA     GHSA-fjx4-mcpx-mwq6: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg ...   2022-05-13
CVEList  CVE-2016-1714: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg ...   2016-04-07
OSV      CVE-2016-1714: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg ...   2016-04-07

📋 Vendor Advisories (3)

Ubuntu   QEMU vulnerabilities   2016-02-03
Red Hat  Qemu: nvram: OOB r/w access in processing firmware configurations   2016-01-05
Debian   CVE-2016-1714: qemu - The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU ...   2016

💬 Community (2)

Bugzilla  CVE-2016-1714 xen: Qemu: nvram: OOB r/w access in processing firmware configurations [fedora-all]   2016-01-06
Bugzilla  CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations   2016-01-06
CVE-2016-1714 — Qemu vulnerability | cvebase