CVE-2016-2198 — NULL Pointer Dereference in Qemu

CWE-476 — NULL Pointer Dereference10 documents7 sources

Severity

5.5MEDIUMNVD

OSV6.0

EPSS

0.1%

top 71.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedDec 29

Latest updateMay 13

Description

QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:2.6+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:2.6+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22

▶NVDqemu/qemu2.5.1.1+1

Also affects: Debian Linux 8.0

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-4fg5-fcph-rgxc: QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw↗2022-05-13

▶

OSV

CVE-2016-2198: QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw↗2016-12-29

▶

OSV

qemu, qemu-kvm vulnerabilities↗2016-02-03

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2016-02-03

▶

Red Hat

Qemu: usb: ehci null pointer dereference in ehci_caps_write↗2016-01-29

▶

Debian

CVE-2016-2198: qemu - QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerabl...↗2016

▶

💬Community

Bugzilla

CVE-2016-2198 xen: Qemu: usb: ehci null pointer dereference in ehci_caps_write [fedora-all]↗2016-01-29

▶

Bugzilla

CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write [fedora-all]↗2016-01-29

▶

Bugzilla

CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write↗2016-01-25

▶