CVE-2016-5403 : The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS a

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Published 2016-08-02 16:59:03

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-5403

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack » Version: 5.0
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack » Version: 6.0
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack » Version: 7.0
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack » Version: 9
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack » Version: 8
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Virtualization » Version: 3.0
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 6
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 5
cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
Matching versions
Oracle » Vm Server » Version: 3.4 For X86
cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:x86:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Qemu » Qemu
Versions up to, including, (<=) 2.6.0
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions
Qemu » Qemu » Version: 2.7.0 Update RC0
cpe:2.3:a:qemu:qemu:2.7.0:rc0:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-5403

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5403

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-5403

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-5403

https://bugzilla.redhat.com/show_bug.cgi?id=1358359

1358359 – (CVE-2016-5403) CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
Issue Tracking;Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1607.html

RHSA-2016:1607 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/92148

QEMU CVE-2016-5403 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-1653.html

RHSA-2016:1653 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-1763.html

RHSA-2016:1763 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3047-1

USN-3047-1: QEMU vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-1943.html

RHSA-2016:1943 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-1654.html

RHSA-2016:1654 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Oracle Linux Bulletin - October 2016
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3047-2

USN-3047-2: QEMU regression | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-1652.html

RHSA-2016:1652 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1655.html

RHSA-2016:1655 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-1586.html

RHSA-2016:1586 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1606.html

RHSA-2016:1606 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://xenbits.xen.org/xsa/advisory-184.html

XSA-184 - Xen Security Advisories
Patch;Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1756.html

RHSA-2016:1756 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1036476

Xen Virtio Request Processing Bug Lets Local Administrative Users on a Guest System Cause Denial of Service Conditions on the Host System - SecurityTracker
Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Oracle VM Server for x86 Bulletin - July 2016
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html

[SECURITY] [DLA 1927-1] qemu security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-1585.html

RHSA-2016:1585 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Oracle Linux Bulletin - July 2016
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-5403

Products affected by CVE-2016-5403

Exploit prediction scoring system (EPSS) score for CVE-2016-5403

CVSS scores for CVE-2016-5403

CWE ids for CVE-2016-5403

References for CVE-2016-5403