CVE-2016-5403
Published Aug 2, 2016
Last updated 3 years ago
Overview
- Description
- The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-400
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B"
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13"
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B"
},
{
"criteria": "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "846F21C6-3D7F-4092-9C68-D5BEAFF7916F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFCB21B5-E285-452B-B30E-6C9D21EF8072",
"versionEndIncluding": "2.6.0"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA78F261-DEB3-46D5-9998-106F6210755E"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B"
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B28F9028-AAD2-45E6-A4AA-369792B0275B"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
],
"operator": "OR"
}
]
}
]