CVE-2016-2538: Integer Overflow or Wraparound in Qemu

Severity
NVD: 7.1 HIGH
OSV: 5.0
EPSS: 0.1% (top 74.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 16
Latest update: May 14

Description

Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

debian: debian/qemu < qemu 1:2.6+dfsg-1 (bookworm)
Debian: qemu/qemu < 1:2.6+dfsg-1+3
Ubuntu: qemu/qemu < 2.0.0+dfsg-2ubuntu1.24+1
NVD: qemu/qemu 2.5.0

Vulnerability Details (3)

GHSA: GHSA-fqw6-89c5-2q6q: Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network | 2022-05-14
OSV: CVE-2016-2538: Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network | 2016-06-16
OSV: qemu, qemu-kvm vulnerabilities | 2016-05-12

Vendor Advisories (3)

Ubuntu: QEMU vulnerabilities | 2016-05-12
Red Hat: Qemu: usb: integer overflow in remote NDIS control message handling | 2016-02-05
Debian: CVE-2016-2538: qemu - Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c)... | 2016

Community (3)

Bugzilla: CVE-2016-2538 xen: qemu: Integer overflow in usb module causing memory leak and DoS [fedora-all] | 2016-02-09
Bugzilla: CVE-2016-2538 qemu: Integer overflow in usb module causing memory leak and DoS [fedora-all] | 2016-02-09
Bugzilla: CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling | 2016-01-29