CVE-2016-6888

Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
qemuqemu
𝑥
≤ 2.6.2
qemuqemu
2.7.0:rc0
qemuqemu
2.7.0:rc1
qemuqemu
2.7.0:rc2
qemuqemu
2.7.0:rc3
debiandebian_linux
8.0
redhatvirtualization
4.0
redhatopenstack
6.0
redhatopenstack
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
wheezy
not-affected
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
yakkety
Fixed 1:2.6.1+dfsg-0ubuntu5.1
released
xenial
Fixed 1:2.5+dfsg-5ubuntu10.6
released
trusty
Fixed 2.0.0+dfsg-2ubuntu1.30
released
precise
dne
qemu-kvm
yakkety
dne
xenial
dne
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=47882fa4975bf0b58dd74474329fdd7154e8f04c
http://www.openwall.com/lists/oss-security/2016/08/19/10
http://www.openwall.com/lists/oss-security/2016/08/19/6
http://www.securityfocus.com/bid/92556
https://access.redhat.com/errata/RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2408
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
https://security.gentoo.org/glsa/201609-01
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=47882fa4975bf0b58dd74474329fdd7154e8f04c
http://www.openwall.com/lists/oss-security/2016/08/19/10
http://www.openwall.com/lists/oss-security/2016/08/19/6
http://www.securityfocus.com/bid/92556
https://access.redhat.com/errata/RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2408
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
https://security.gentoo.org/glsa/201609-01