CVE-2016-7909

EUVD-2016-8758
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
≤ 2.7.1
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
precise
dne
trusty
Fixed 2.0.0+dfsg-2ubuntu1.30
released
xenial
Fixed 1:2.5+dfsg-5ubuntu10.6
released
yakkety
Fixed 1:2.6.1+dfsg-0ubuntu5.1
released
qemu-kvm
precise
Fixed 1.0+noroms-0ubuntu14.31
released
trusty
dne
xenial
dne
yakkety
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
http://www.openwall.com/lists/oss-security/2016/10/03/3
http://www.openwall.com/lists/oss-security/2016/10/03/6
http://www.securityfocus.com/bid/93275
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
https://security.gentoo.org/glsa/201611-11
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
http://www.openwall.com/lists/oss-security/2016/10/03/3
http://www.openwall.com/lists/oss-security/2016/10/03/6
http://www.securityfocus.com/bid/93275
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
https://security.gentoo.org/glsa/201611-11