CVE-2016-2392NULL Pointer Dereference in Qemu

CWE-476NULL Pointer Dereference10 documents7 sources
Severity
6.5MEDIUMNVD
OSV5.0
EPSS
0.1%
top 75.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuCanonical Ubuntu Linux
Timeline
PublishedJun 16
Latest updateMay 14

Description

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.6+dfsg-1 (bookworm)
Debianqemu/qemu< 1:2.6+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.24+1
NVDqemu/qemu2.5.0

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

3
GHSA
GHSA-858x-x5xv-4rpm: The is_rndis function in the USB Net device emulator (hw/usb/dev-network2022-05-14
OSV
CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network2016-06-16
OSV
qemu, qemu-kvm vulnerabilities2016-05-12

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2016-05-12
Red Hat
Qemu: usb: null pointer dereference in remote NDIS control message handling2016-02-11
Debian
CVE-2016-2392: qemu - The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in Q...2016

💬Community

3
Bugzilla
CVE-2016-2392 qemu: Null pointer dereference in usb module [fedora-all]2016-02-12
Bugzilla
CVE-2016-2392 xen: qemu: Null pointer dereference in usb module [fedora-all]2016-02-12
Bugzilla
CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control message handling2016-01-27