Vulnerability Details : CVE-2016-2538
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
Vulnerability category: Denial of service
Threat overview for CVE-2016-2538
Top countries where our scanners detected CVE-2016-2538
Top open port discovered on systems with this issue
22
IPs affected by CVE-2016-2538 2
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-2538!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-2538
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less