CVE-2016-2841

Published on: 06/16/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

  • CVE-2016-2841 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW HIGH NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED NONE NONE HIGH

CVSS2 Score: 2.1 - LOW

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
[SECURITY] [DLA 1599-1] qemu security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
git.qemu.org Git - qemu.git/commit Vendor Advisory
git.qemu.org
text/xml
URL Logo CONFIRM git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190
QEMU 'ne2000.c' CVE-2016-2841 Denial of Service Vulnerability cve.report (archive)
text/html
URL Logo BID 84028
[Qemu-devel] 答复: [PATCH v2] net: ne2000: check ring buffer control regis Vendor Advisory
lists.gnu.org
text/html
URL Logo MLIST [qemu-devel] 20160226 Re: [PATCH v2] net: ne2000: check ring buffer control registers
oss-security - CVE request Qemu: net: ne2000: infinite loop in ne2000_receive www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160302 CVE request Qemu: net: ne2000: infinite loop in ne2000_receive
1303106 – (CVE-2016-2841) CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive bugzilla.redhat.com
text/html
URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1303106
USN-2974-1: QEMU vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2974-1
QEMU: Multiple vulnerabilities (GLSA 201609-01) — Gentoo security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201609-01
[Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released Vendor Advisory
lists.nongnu.org
text/html
URL Logo MLIST [qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
CanonicalUbuntu Linux14.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.10AllAllAll
Operating
System
CanonicalUbuntu Linux16.04AllAllAll
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
CanonicalUbuntu Linux14.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.10AllAllAll
Operating
System
CanonicalUbuntu Linux16.04AllAllAll
ApplicationQemuQemuAllAllAllAll
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*: