CVE-2016-1922NULL Pointer Dereference in Qemu

CWE-476NULL Pointer Dereference10 documents7 sources
Severity
5.5MEDIUMNVD
OSV6.0
EPSS
0.1%
top 75.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuDebian Linux
Timeline
PublishedDec 29
Latest updateMay 13

Description

QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.5+dfsg-4 (bookworm)
Debianqemu/qemu< 1:2.5+dfsg-4+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22
NVDqemu/qemu2.5.1.1

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: lists.gnu.orgPatch: lists.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-pp27-442h-qhx9: QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw2022-05-13
OSV
CVE-2016-1922: QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw2016-12-29
OSV
qemu, qemu-kvm vulnerabilities2016-02-03

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2016-02-03
Debian
CVE-2016-1922: qemu - QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows gue...2016
Red Hat
Qemu: i386: null pointer dereference in vapic_write()2015-12-18

💬Community

3
Bugzilla
CVE-2016-1922 xen: qemu: Null pointer dereference in vapic_write() [fedora-all]2015-12-18
Bugzilla
CVE-2016-1922 qemu: Null pointer dereference in vapic_write() [fedora-all]2015-12-18
Bugzilla
CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()2015-11-20