CVE-2016-9776 — Infinite Loop in Qemu

CWE-835 — Infinite Loop9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 80.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedDec 29

Latest updateMay 13

Description

QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:2.8+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:2.8+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.33+1

▶NVDqemu/qemu2.7.1+1

Also affects: Debian Linux 8.0

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-52m2-jxvj-qw6r: QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue↗2022-05-13

▶

OSV

qemu vulnerabilities↗2017-04-20

▶

OSV

CVE-2016-9776: QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue↗2016-12-29

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2017-04-20

▶

Red Hat

Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive↗2016-11-29

▶

Debian

CVE-2016-9776: qemu - QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emula...↗2016

▶

💬Community

Bugzilla

CVE-2016-9776 Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive↗2016-12-02

▶

Bugzilla

CVE-2016-9776 Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive [fedora-all]↗2016-12-02

▶