CVE-2016-6834Classic Buffer Overflow in Qemu

CWE-120Classic Buffer OverflowCWE-835Infinite LoopCWE-416Use After Free10 documents7 sources
Severity
4.4MEDIUMNVD
OSV5.5
EPSS
0.1%
top 70.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuDebian Linux
Timeline
PublishedDec 10
Latest updateMay 13

Description

The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.6+dfsg-3.1 (bookworm)
Debianqemu/qemu< 1:2.6+dfsg-3.1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.30+1
NVDqemu/qemu2.6.2+1

Also affects: Debian Linux 8.0

Patches

Patch: lists.gnu.orgPatch: lists.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-7mrf-3fph-7jw4: The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt2022-05-13
OSV
CVE-2016-6834: The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt2016-12-10
OSV
qemu, qemu-kvm vulnerabilities2016-11-09

📋Vendor Advisories

4
Red Hat
php: Use After Free in unserialize()2016-12-08
Ubuntu
QEMU vulnerabilities2016-11-09
Red Hat
Qemu: net: vmxnet3: an infinite loop during packet fragmentation2016-08-09
Debian
CVE-2016-6834: qemu - The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka ...2016

💬Community

2
Bugzilla
CVE-2016-6834 Qemu: net: vmxnet3: an infinite loop during packet fragmentation [fedora-all]2016-08-22
Bugzilla
CVE-2016-6834 Qemu: net: vmxnet3: an infinite loop during packet fragmentation2016-08-22