Vulnerability Details : CVE-2016-1981
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
Vulnerability category: Denial of service
Products affected by CVE-2016-1981
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-1981
Top countries where our scanners detected CVE-2016-1981
Top open port discovered on systems with this issue
22
IPs affected by CVE-2016-1981 2
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-1981!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-1981
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1981
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-1981
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1981
-
http://www.debian.org/security/2016/dsa-3469
Debian -- Security Information -- DSA-3469-1 qemuThird Party Advisory
-
http://www.securityfocus.com/bid/81549
QEMU CVE-2016-1981 Multiple Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2016/dsa-3471
Debian -- Security Information -- DSA-3471-1 qemuThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/01/19/10
oss-security - CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routinesMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/01/22/1
oss-security - Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routinesMailing List;Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3470
Debian -- Security Information -- DSA-3470-1 qemu-kvmThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1298570
1298570 – (CVE-2016-1981) CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routinesIssue Tracking
-
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
[Qemu-devel] [PATCH] e1000: eliminate infinite loops on out-of-bounds trPatch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2585.html
RHSA-2016:2585 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.gentoo.org/glsa/201604-01
QEMU: Multiple vulnerabilities (GLSA 201604-01) — Gentoo securityThird Party Advisory
Jump to