CVE-2016-7157 - OpenCVE

The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=65a8e1f6413a0f6f79894da710b5d6d43361d27d
http://www.openwall.com/lists/oss-security/2016/09/06/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/07/3	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/92775	Third Party Advisory VDB Entry
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html	Patch Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html	Patch Third Party Advisory
https://security.gentoo.org/glsa/201609-01	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-12-10T00:00:00

Updated: 2017-06-30T16:57:01

Reserved: 2016-09-06T00:00:00

Link: CVE-2016-7157

JSON object: View

NVD Information

Status : Modified

Published: 2016-12-10T00:59:14.950

Modified: 2023-11-07T02:34:15.790

Link: CVE-2016-7157

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "92775", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92775"}, {"name": "GLSA-201609-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201609-01"}, {"name": "[qemu-devel] 20160831 [PATCH 2/2] scsi: mptconfig: fix an assert expression", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html"}, {"name": "[oss-security] 20160906 CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/06/4"}, {"name": "[oss-security] 20160906 Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=65a8e1f6413a0f6f79894da710b5d6d43361d27d"}, {"name": "[qemu-devel] 20160831 [PATCH 1/2] scsi: mptconfig: fix format string", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7157", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92775"}, {"name": "GLSA-201609-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201609-01"}, {"name": "[qemu-devel] 20160831 [PATCH 2/2] scsi: mptconfig: fix an assert expression", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html"}, {"name": "[oss-security] 20160906 CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/06/4"}, {"name": "[oss-security] 20160906 Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/07/3"}, {"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d", "refsource": "CONFIRM", "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d"}, {"name": "[qemu-devel] 20160831 [PATCH 1/2] scsi: mptconfig: fix format string", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7157", "datePublished": "2016-12-10T00:00:00", "dateReserved": "2016-09-06T00:00:00", "dateUpdated": "2017-06-30T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK."}, {"lang": "es", "value": "Las funciones (1) mptsas_config_manufactureng_1 y (2) mptsas_config_ioc_0 en hw/scsi/mptconfig.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permiten a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso QEMU) a trav\u00e9s de vectores que implican MPTSAS_CONFIG_PACK."}], "id": "CVE-2016-7157", "lastModified": "2023-11-07T02:34:15.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-10T00:59:14.950", "references": [{"source": "cve@mitre.org", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=65a8e1f6413a0f6f79894da710b5d6d43361d27d"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/06/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92775"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201609-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}