CVE-2016-7155 - OpenCVE

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753
http://www.openwall.com/lists/oss-security/2016/09/06/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/07/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/92772	Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-12-10T00:00:00

Updated: 2018-12-01T10:57:01

Reserved: 2016-09-06T00:00:00

Link: CVE-2016-7155

JSON object: View

NVD Information

Status : Modified

Published: 2016-12-10T00:59:12.263

Modified: 2023-11-07T02:34:15.660

Link: CVE-2016-7155

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-01T00:00:00", "descriptions": [{"lang": "en", "value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-01T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"}, {"name": "92772", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92772"}, {"name": "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753"}, {"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"}, {"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"}, {"name": "92772", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92772"}, {"name": "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"}, {"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753", "refsource": "CONFIRM", "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753"}, {"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"}, {"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7155", "datePublished": "2016-12-10T00:00:00", "dateReserved": "2016-09-06T00:00:00", "dateUpdated": "2018-12-01T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."}, {"lang": "es", "value": "hw/scsi/vmw_pvscsi.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (acceso fuera de l\u00edmites o bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de un conteo de p\u00e1ginas manipuladas para anillos de descriptor."}], "id": "CVE-2016-7155", "lastModified": "2023-11-07T02:34:15.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-10T00:59:12.263", "references": [{"source": "cve@mitre.org", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92772"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}