CVE-2016-1714

Published on: 04/07/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Certain versions of Linux from Oracle contain the following vulnerability:

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.

  • CVE-2016-1714 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.1 - HIGH

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 6.9 - MEDIUM

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVE References

  • MLIST [Qemu-devel] 20160106 [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value. Link: lists.gnu.org (text/x-diff). Tags: Vendor Advisory.
  • DEBIAN DSA-3471: Debian -- Security Information -- DSA-3471-1 qemu. Link: www.debian.org (text/html; deprecated link).
  • SECTRACK 1034858: QEMU Firmware Configuration Processing Access Flaw Lets Local Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTracker. Link: www.securitytracker.com (text/html). Tags: Third Party Advisory.
  • REDHAT RHSA-2016:0088: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived). Tags: Issue Tracking, Third Party Advisory, VDB Entry.
  • REDHAT RHSA-2016:0081: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived).
  • REDHAT RHSA-2016:0086: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived).
  • BID 80250: QEMU 'fw_cfg_write()' Function Remote Code Execution Vulnerability. Link: cve.report (archive) (text/html). Tags: Third Party Advisory.
  • MLIST [oss-security] 20160112 Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations. Link: www.openwall.com (text/html). Tags: Third Party Advisory.
  • REDHAT RHSA-2016:0083: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived).
  • DEBIAN DSA-3469: Debian -- Security Information -- DSA-3469-1 qemu. Link: www.debian.org (text/html; deprecated link).
  • REDHAT RHSA-2016:0084: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived).
  • REDHAT RHSA-2016:0087: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived).
  • DEBIAN DSA-3470: Debian -- Security Information -- DSA-3470-1 qemu-kvm. Link: www.debian.org (text/html; deprecated link).
  • MLIST [oss-security] 20160112 Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations. Link: www.openwall.com (text/html). Tags: Third Party Advisory.
  • CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html: Oracle Linux Bulletin - January 2016. Link: www.oracle.com (text/html). Tags: Third Party Advisory.
  • REDHAT RHSA-2016:0085: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived). Tags: Issue Tracking, Third Party Advisory, VDB Entry.
  • REDHAT RHSA-2016:0082: Red Hat Customer Portal. Link: web.archive.org (text/html; inactive link, not archived).
  • MLIST [oss-security] 20160111 CVE request Qemu: nvram: OOB r/w access in processing firmware configurations. Link: www.openwall.com (text/html). Tags: Third Party Advisory.
  • GENTOO GLSA-201604-01: QEMU: Multiple vulnerabilities (GLSA 201604-01) — Gentoo Security. Link: security.gentoo.org (text/html).

Known Affected Configurations (CPE V2.3)

Type              Vendor  Product    Version  Update  Edition  Language
Operating System  Oracle  Linux      6        All     All      All
Operating System  Oracle  Linux      7        All     All      All
Operating System  Oracle  Linux      6        All     All      All
Operating System  Oracle  Linux      7        All     All      All
Application       Qemu    Qemu       All      All     All      All
Application       Redhat  Openstack  5.0      All     All      All
Application       Redhat  Openstack  5.0      All     All      All

  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*