CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process…

medium5.5CVSS 3.1

AVLACLPRLUINSUCNINAH

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Affected

49 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	qemu	< qemu 1:2.6+dfsg-3.1 (bookworm)	qemu 1:2.6+dfsg-3.1 (bookworm)
oracle	linux	—	—
oracle	linux	—	—
oracle	linux	—	—
oracle	vm_server	—	—
qemu	qemu	<= 2.6.0	—
qemu	qemu	—	—
qemu	qemu	>= 0 < 1:2.6+dfsg-3.1	1:2.6+dfsg-3.1
qemu	qemu	>= 0 < 1:2.6+dfsg-3.1	1:2.6+dfsg-3.1
qemu	qemu	>= 0 < 1:2.6+dfsg-3.1	1:2.6+dfsg-3.1
qemu	qemu	>= 0 < 1:2.6+dfsg-3.1	1:2.6+dfsg-3.1
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.26	2.0.0+dfsg-2ubuntu1.26
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.27	2.0.0+dfsg-2ubuntu1.27
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.30	2.0.0+dfsg-2ubuntu1.30
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.3	1:2.5+dfsg-5ubuntu10.3
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.4	1:2.5+dfsg-5ubuntu10.4
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.6	1:2.5+dfsg-5ubuntu10.6
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

osv6.7MEDIUM