CVE-2016-2391NULL Pointer Dereference in Qemu

CWE-476NULL Pointer Dereference10 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 83.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
QemuDebian QemuCanonical Ubuntu Linux+1 more
Timeline
PublishedJun 16
Latest updateMay 13

Description

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.3 | Impact: 3.6

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.6+dfsg-1 (bookworm)
Debianqemu/qemu< 1:2.6+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.24+1
NVDqemu/qemu2.5.1.1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Patch: bugzilla.redhat.comPatch: lists.gnu.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-g442-4wgf-h9jr: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci2022-05-13
OSV
CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci2016-06-16
OSV
qemu, qemu-kvm vulnerabilities2016-05-12

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2016-05-12
Red Hat
Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference2016-02-16
Debian
CVE-2016-2391: qemu - The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c...2016

💬Community

3
Bugzilla
CVE-2016-2391 qemu: Holding multiple eof_timers at the same time in ohci usb mode leads to SIGSEGV [fedora-all]2016-02-16
Bugzilla
CVE-2016-2391 xen: qemu: Holding multiple eof_timers at the same time in ohci usb mode leads to SIGSEGV [fedora-all]2016-02-16
Bugzilla
CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference2016-02-04