CVE-2016-1981
Summary
| CVE | CVE-2016-1981 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-12-29 22:59:00 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.000620000 probability, percentile 0.192360000 (date 2026-05-11)
Problem Types: CWE-835 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 2.1 | AV:L/AC:L/Au:N/C:N/I:N/A:P |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
PartialAV:L/AC:L/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Qemu | Qemu | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-3469-1 qemu | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| Debian -- Security Information -- DSA-3470-1 qemu-kvm | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| oss-security - Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-3471-1 qemu | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| [Qemu-devel] [PATCH] e1000: eliminate infinite loops on out-of-bounds tr | af854a3a-2127-422b-91ae-364da2661108 | lists.gnu.org | Patch, Vendor Advisory |
| oss-security - CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| Bug 1298570 – CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking |
| QEMU: Multiple vulnerabilities (GLSA 201604-01) — Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| QEMU CVE-2016-1981 Multiple Denial of Service Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| CVE-2016-1981 - Red Hat Customer Portal | MITRE | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 900063 CBL-Mariner Linux Security Update for qemu-kvm 4.2.0