CVE-2016-2857: The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via…

high8.4CVSS 3.1

AVLACLPRLUINSCCHINAH

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

Affected

38 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	qemu	< qemu 1:2.6+dfsg-1 (bookworm)	qemu 1:2.6+dfsg-1 (bookworm)
qemu	qemu	<= 2.5.1.1	—
qemu	qemu	>= 0 < 1:2.6+dfsg-1	1:2.6+dfsg-1
qemu	qemu	>= 0 < 1:2.6+dfsg-1	1:2.6+dfsg-1
qemu	qemu	>= 0 < 1:2.6+dfsg-1	1:2.6+dfsg-1
qemu	qemu	>= 0 < 1:2.6+dfsg-1	1:2.6+dfsg-1
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.24	2.0.0+dfsg-2ubuntu1.24
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.1	1:2.5+dfsg-5ubuntu10.1
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—

CVSS provenance

nvdv3.18.4HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

osv8.4HIGH