CVE-2016-2857

Published on: 04/08/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:16 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

  • CVE-2016-2857 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.4 - HIGH

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS2 Score: 3.6 - LOW

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

CVE References

  • [SECURITY] [DLA 1599-1] qemu security update. Tags: Mailing List, Third Party Advisory. Link: lists.debian.org (text/html), MLIST [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2016:2704
  • git.qemu.org Git - qemu.git/commitdiff. Tags: Patch, Vendor Advisory. Link: git.qemu.org (text/xml), CONFIRM git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2017:0350
  • oss-security - Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate. Tags: Mailing List, Third Party Advisory. Link: www.openwall.com (text/html), MLIST [oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2016:2670
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2016:2706
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2017:0344
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2017:0083
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2017:0309
  • QEMU Out of Bounds Denial of Service Vulnerability. Tags: Third Party Advisory, VDB Entry. Link: cve.report (archive) (text/html), BID 84130
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2017:0334
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2016:2705
  • USN-2974-1: QEMU vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com (text/html), UBUNTU USN-2974-1
  • oss-security - CVE request Qemu: net: out of bounds read in net_checksum_calculate. Tags: Mailing List, Third Party Advisory. Link: www.openwall.com (text/html), MLIST [oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate
  • Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (text/html; inactive link, not archived), REDHAT RHSA-2016:2671

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All
Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All
Operating System | Debian | Debian Linux | 8.0 | All | All | All
Application | Qemu | Qemu | All | All | All | All
Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All
Application | Redhat | Openstack | 5.0 | All | All | All
Application | Redhat | Openstack | 6.0 | All | All | All
Application | Redhat | Openstack | 7.0 | All | All | All
Application | Redhat | Openstack | 8.0 | All | All | All
Application | Redhat | Openstack | 9.0 | All | All | All
Application | Redhat | Virtualization | 3.0 | All | All | All
Application | Redhat | Virtualization | 4.0 | All | All | All

  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*