CVE-2016-8669Divide By Zero in Qemu

CWE-369Divide By Zero10 documents8 sources
Severity
6.0MEDIUMNVD
EPSS
0.1%
top 73.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
QemuDebian LinuxOpensuse Leap+2 more
Timeline
PublishedNov 4
Latest updateMay 13

Description

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages5 packages

Debianqemu/qemu< 1:2.8+dfsg-1+3
NVDqemu/qemu2.7.1
NVDopensuse/leap42.2
NVDredhat/openstack6 versions+5

Also affects: Debian Linux 8.0

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

3
GHSA
GHSA-6gxg-vjwr-3339: The serial_update_parameters function in hw/char/serial2022-05-13
OSV
CVE-2016-8669: The serial_update_parameters function in hw/char/serial2016-11-04
CVEList
CVE-2016-8669: The serial_update_parameters function in hw/char/serial2016-11-04

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2017-04-20
Red Hat
Qemu: char: divide by zero error in serial_update_parameters2016-10-12
Debian
CVE-2016-8669: qemu - The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emu...2016

💬Community

3
Bugzilla
CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters2016-10-14
Bugzilla
CVE-2016-8669 xen: Qemu: char: divide by zero error in serial_update_parameters [fedora-all]2016-10-14
Bugzilla
CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters [fedora-all]2016-10-14
CVE-2016-8669 — Divide By Zero in Qemu | cvebase