CVE-2016-4952 : QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus em

QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.

Published 2016-09-02 14:59:01

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-4952

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Qemu » Qemu
Versions up to, including, (<=) 2.6.2
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-4952

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4952

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:N/A:P	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H	1.5	4.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-4952

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4952

http://www.ubuntu.com/usn/USN-3047-1

USN-3047-1: QEMU vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1334384

1334384 – (CVE-2016-4952) CVE-2016-4952 Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
Issue Tracking;Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/23/1

oss-security - CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
Mailing List;Third Party Advisory
http://www.ubuntu.com/usn/USN-3047-2

USN-3047-2: QEMU regression | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

[SECURITY] [DLA 1599-1] qemu security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/05/23/4

oss-security - Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
Mailing List;Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html

[Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer
Mailing List;Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2016-4952

Products affected by CVE-2016-4952

Exploit prediction scoring system (EPSS) score for CVE-2016-4952

CVSS scores for CVE-2016-4952

CWE ids for CVE-2016-4952

References for CVE-2016-4952