CVE-2016-2841 - OpenCVE

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190
http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html	Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/03/02/8
http://www.securityfocus.com/bid/84028
http://www.ubuntu.com/usn/USN-2974-1
https://bugzilla.redhat.com/show_bug.cgi?id=1303106
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html	Vendor Advisory
https://security.gentoo.org/glsa/201609-01

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-06-16T18:00:00

Updated: 2018-12-01T10:57:01

Reserved: 2016-03-02T00:00:00

Link: CVE-2016-2841

JSON object: View

NVD Information

Status : Modified

Published: 2016-06-16T18:59:07.203

Modified: 2023-02-12T23:17:46.330

Link: CVE-2016-2841

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-01T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20160302 CVE request Qemu: net: ne2000: infinite loop in ne2000_receive", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/03/02/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106"}, {"name": "84028", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/84028"}, {"name": "GLSA-201609-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201609-01"}, {"name": "[qemu-devel] 20160226 Re: [PATCH v2] net: ne2000: check ring buffer control registers", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html"}, {"name": "USN-2974-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2974-1"}, {"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}, {"name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-2841", "datePublished": "2016-06-16T18:00:00", "dateReserved": "2016-03-02T00:00:00", "dateUpdated": "2018-12-01T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "585C8283-F180-4305-BFA0-B125754DFCC6", "versionEndIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control."}, {"lang": "es", "value": "La funci\u00f3n ne2000_receive en el soporte de emulaci\u00f3n NE2000 NIC (hw/net/ne2000.c) en QEMU en versiones anteriores a 2.5.1 permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de valores manipulados para los registros PSTART y PSTOP, involucrando control de anillo de buffer."}], "id": "CVE-2016-2841", "lastModified": "2023-02-12T23:17:46.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-16T18:59:07.203", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/03/02/8"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/84028"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2974-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201609-01"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}