CVE-2016-2841 : The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

Published 2016-06-16 18:59:07

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-2841

Canonical » Ubuntu Linux » Version: 15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Qemu » Qemu
Versions up to, including, (<=) 2.5.0
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2016-2841

Top countries where our scanners detected CVE-2016-2841

Top open port discovered on systems with this issue 8200

IPs affected by CVE-2016-2841 15

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-2841!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-2841

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 24 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-2841

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.0	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H	1.5	4.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-2841

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-2841

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190

QEMU · GitLab
http://www.ubuntu.com/usn/USN-2974-1

USN-2974-1: QEMU vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html

[Qemu-devel] 答复: [PATCH v2] net: ne2000: check ring buffer control regis
Vendor Advisory
http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html

[Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/84028

QEMU 'ne2000.c' CVE-2016-2841 Denial of Service Vulnerability
http://www.openwall.com/lists/oss-security/2016/03/02/8

oss-security - CVE request Qemu: net: ne2000: infinite loop in ne2000_receive
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

[SECURITY] [DLA 1599-1] qemu security update

CVEs referencing this url
https://security.gentoo.org/glsa/201609-01

QEMU: Multiple vulnerabilities (GLSA 201609-01) — Gentoo security

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1303106

1303106 – (CVE-2016-2841) CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive