Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2016-10028
Vulnerability from osv_ubuntu
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.11?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10"
]
}
],
"aliases": [],
"details": "The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.",
"id": "UBUNTU-CVE-2016-10028",
"modified": "2025-09-08T16:43:58Z",
"published": "2017-02-27T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10028"
},
{
"type": "REPORT",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html"
},
{
"type": "REPORT",
"url": "http://www.openwall.com/lists/oss-security/2016/12/20/1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3261-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3268-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10028"
}
],
"related": [
"USN-3261-1",
"USN-3268-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2016-10028"
]
}
CVE-2016-10028 (GCVE-0-2016-10028)
Vulnerability from cvelistv5 – Published: 2017-02-27 22:00 – Updated: 2024-08-06 03:07- n/a
| URL | Tags |
|---|---|
| http://git.qemu-project.org/?p=qemu.git%3Ba=commi… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037525 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/94981 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisoryx_refsource_GENTOO |
| https://lists.gnu.org/archive/html/qemu-devel/201… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/12/20/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31"
},
{
"name": "1037525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037525"
},
{
"name": "94981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94981"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161214 [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html"
},
{
"name": "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/20/1"
},
{
"name": "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/22/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31"
},
{
"name": "1037525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037525"
},
{
"name": "94981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94981"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161214 [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html"
},
{
"name": "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/20/1"
},
{
"name": "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/22/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-10028",
"datePublished": "2017-02-27T22:00:00.000Z",
"dateReserved": "2016-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:31.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
usn-3261-1
Vulnerability from osv_ubuntu
Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)
Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-10155)
Li Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)
It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8667)
It was discovered that QEMU incorrectly handled the 16550A UART device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8669)
It was discovered that QEMU incorrectly handled the shared rings when used with Xen. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. (CVE-2016-9381)
Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9602)
Gerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9603)
It was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet Controller. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)
Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9845, CVE-2016-9908)
Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, CVE-2017-5578, CVE-2017-5857)
Li Qiang discovered that QEMU incorrectly handled the USB redirector. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9907)
Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9911)
Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916)
Qinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9921, CVE-2016-9922)
Wjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2615)
It was discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-2620)
It was discovered that QEMU incorrectly handled VNC connections. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-2633)
Li Qiang discovered that QEMU incorrectly handled the ac97 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5525)
Li Qiang discovered that QEMU incorrectly handled the es1370 audio device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5526)
Li Qiang discovered that QEMU incorrectly handled the 16550A UART device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5579)
Jiang Xin discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-5667)
Li Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5856)
Li Qiang discovered that QEMU incorrectly handled the CCID Card device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5898)
Li Qiang discovered that QEMU incorrectly handled USB xHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5973)
Jiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5987)
Li Qiang discovered that QEMU incorrectly handled USB OHCI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-6505)
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-8667",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-8669",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9381",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9602",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9603",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9776",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9911",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9913",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9914",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9915",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9916",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9921",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9922",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10155",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-2615",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-2620",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-2633",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5525",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5526",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5579",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5667",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5856",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5898",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5973",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5987",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-6505",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-keymaps",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-kvm",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-common",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-user",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-user-static",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
},
{
"binary_name": "qemu-utils",
"binary_version": "2.0.0+dfsg-2ubuntu1.33"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.33?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0+dfsg-2ubuntu1.33"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.0+dfsg-3ubuntu5",
"1.5.0+dfsg-3ubuntu6",
"1.6.0+dfsg-2ubuntu1",
"1.6.0+dfsg-2ubuntu2",
"1.6.0+dfsg-2ubuntu3",
"1.6.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu1",
"1.7.0+dfsg-2ubuntu2",
"1.7.0+dfsg-2ubuntu3",
"1.7.0+dfsg-2ubuntu4",
"1.7.0+dfsg-2ubuntu5",
"1.7.0+dfsg-2ubuntu7",
"1.7.0+dfsg-2ubuntu8",
"1.7.0+dfsg-2ubuntu9",
"1.7.0+dfsg-3ubuntu1~ppa1",
"1.7.0+dfsg-3ubuntu1",
"1.7.0+dfsg-3ubuntu2",
"1.7.0+dfsg-3ubuntu3",
"1.7.0+dfsg-3ubuntu4",
"1.7.0+dfsg-3ubuntu5",
"1.7.0+dfsg-3ubuntu6",
"1.7.0+dfsg-3ubuntu7",
"2.0.0~rc1+dfsg-0ubuntu1",
"2.0.0~rc1+dfsg-0ubuntu2",
"2.0.0~rc1+dfsg-0ubuntu3",
"2.0.0~rc1+dfsg-0ubuntu3.1",
"2.0.0+dfsg-2ubuntu1",
"2.0.0+dfsg-2ubuntu1.1",
"2.0.0+dfsg-2ubuntu1.2",
"2.0.0+dfsg-2ubuntu1.3",
"2.0.0+dfsg-2ubuntu1.5",
"2.0.0+dfsg-2ubuntu1.6",
"2.0.0+dfsg-2ubuntu1.7",
"2.0.0+dfsg-2ubuntu1.8",
"2.0.0+dfsg-2ubuntu1.9",
"2.0.0+dfsg-2ubuntu1.10",
"2.0.0+dfsg-2ubuntu1.11",
"2.0.0+dfsg-2ubuntu1.13",
"2.0.0+dfsg-2ubuntu1.14",
"2.0.0+dfsg-2ubuntu1.15",
"2.0.0+dfsg-2ubuntu1.16",
"2.0.0+dfsg-2ubuntu1.17",
"2.0.0+dfsg-2ubuntu1.18",
"2.0.0+dfsg-2ubuntu1.19",
"2.0.0+dfsg-2ubuntu1.20",
"2.0.0+dfsg-2ubuntu1.21",
"2.0.0+dfsg-2ubuntu1.22",
"2.0.0+dfsg-2ubuntu1.24",
"2.0.0+dfsg-2ubuntu1.25",
"2.0.0+dfsg-2ubuntu1.26",
"2.0.0+dfsg-2ubuntu1.27",
"2.0.0+dfsg-2ubuntu1.28",
"2.0.0+dfsg-2ubuntu1.29",
"2.0.0+dfsg-2ubuntu1.30",
"2.0.0+dfsg-2ubuntu1.31",
"2.0.0+dfsg-2ubuntu1.32"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-7907",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-8667",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-8669",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9381",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9602",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9603",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9776",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9845",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9846",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9907",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9908",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9911",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9912",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9913",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9914",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9915",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9916",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9921",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9922",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10028",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10029",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10155",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-2615",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-2620",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5525",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5526",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5552",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5578",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5579",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5667",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5856",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5857",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5898",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5973",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5987",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-6505",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "qemu",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-block-extra",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-guest-agent",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-kvm",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-aarch64",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-arm",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-common",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-mips",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-misc",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-ppc",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-s390x",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-sparc",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-system-x86",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-user",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-user-binfmt",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-user-static",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
},
{
"binary_name": "qemu-utils",
"binary_version": "1:2.5+dfsg-5ubuntu10.11"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "qemu",
"purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.11?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.5+dfsg-5ubuntu10.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.3+dfsg-5ubuntu9",
"1:2.3+dfsg-5ubuntu10",
"1:2.4+dfsg-4ubuntu1",
"1:2.4+dfsg-4ubuntu2",
"1:2.4+dfsg-4ubuntu3",
"1:2.4+dfsg-5ubuntu3",
"1:2.5+dfsg-1ubuntu2",
"1:2.5+dfsg-1ubuntu3",
"1:2.5+dfsg-1ubuntu4",
"1:2.5+dfsg-1ubuntu5",
"1:2.5+dfsg-5ubuntu1",
"1:2.5+dfsg-5ubuntu2",
"1:2.5+dfsg-5ubuntu4",
"1:2.5+dfsg-5ubuntu6",
"1:2.5+dfsg-5ubuntu7",
"1:2.5+dfsg-5ubuntu10",
"1:2.5+dfsg-5ubuntu10.1",
"1:2.5+dfsg-5ubuntu10.2",
"1:2.5+dfsg-5ubuntu10.3",
"1:2.5+dfsg-5ubuntu10.4",
"1:2.5+dfsg-5ubuntu10.5",
"1:2.5+dfsg-5ubuntu10.6",
"1:2.5+dfsg-5ubuntu10.7",
"1:2.5+dfsg-5ubuntu10.8",
"1:2.5+dfsg-5ubuntu10.9",
"1:2.5+dfsg-5ubuntu10.10"
]
}
],
"aliases": [],
"details": "Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU\ndevice. An attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used\nwith Xen. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue to\naccess files on the host file system outside of the shared directory and\npossibly escalate their privileges. In the default installation, when QEMU\nis used with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA\ndevice when being used with a VNC connection. A privileged attacker inside\nthe guest could use this issue to cause QEMU to crash, resulting in a\ndenial of service, or possibly execute arbitrary code on the host. In the\ndefault installation, when QEMU is used with libvirt, attackers would be\nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An\nattacker inside the guest could use this issue to cause QEMU to leak\ncontents of host memory. This issue only affected Ubuntu 16.04 LTS and\nUbuntu 16.10. (CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS\nand Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552,\nCVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS\nand Ubuntu 16.10. (CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory sharing.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914,\nCVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly\nhandled the Cirrus VGA device. A privileged attacker inside the guest could\nuse this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus\nVGA device. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. In the default installation, when QEMU is used\nwith libvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service, or possibly execute arbitrary code\non the host. In the default installation, when QEMU is used with libvirt,\nattackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio device.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device emulation.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode on the host. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller\nemulation. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI\ndevice emulation. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller\nemulation. A privileged attacker inside the guest could use this issue to\ncause QEMU to hang, resulting in a denial of service. (CVE-2017-6505)\n",
"id": "USN-3261-1",
"modified": "2026-02-10T04:41:06Z",
"published": "2017-04-20T18:33:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3261-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-7907"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-8667"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-8669"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9381"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9602"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9603"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9776"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9845"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9846"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9907"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9908"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9911"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9912"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9913"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9914"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9915"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9916"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9921"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9922"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10028"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10029"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10155"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-2615"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-2620"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-2633"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5525"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5526"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5552"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5578"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5579"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5667"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5856"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5857"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5898"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5973"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5987"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-6505"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "qemu vulnerabilities",
"upstream": [
"UBUNTU-CVE-2016-7907",
"UBUNTU-CVE-2016-8667",
"UBUNTU-CVE-2016-8669",
"UBUNTU-CVE-2016-9381",
"UBUNTU-CVE-2016-9602",
"UBUNTU-CVE-2016-9603",
"UBUNTU-CVE-2016-9776",
"UBUNTU-CVE-2016-9845",
"UBUNTU-CVE-2016-9846",
"UBUNTU-CVE-2016-9907",
"UBUNTU-CVE-2016-9908",
"UBUNTU-CVE-2016-9911",
"UBUNTU-CVE-2016-9912",
"UBUNTU-CVE-2016-9913",
"UBUNTU-CVE-2016-9914",
"UBUNTU-CVE-2016-9915",
"UBUNTU-CVE-2016-9916",
"UBUNTU-CVE-2016-9921",
"UBUNTU-CVE-2016-9922",
"UBUNTU-CVE-2016-10028",
"UBUNTU-CVE-2016-10029",
"UBUNTU-CVE-2016-10155",
"UBUNTU-CVE-2017-2615",
"UBUNTU-CVE-2017-2620",
"UBUNTU-CVE-2017-2633",
"UBUNTU-CVE-2017-5525",
"UBUNTU-CVE-2017-5526",
"UBUNTU-CVE-2017-5552",
"UBUNTU-CVE-2017-5578",
"UBUNTU-CVE-2017-5579",
"UBUNTU-CVE-2017-5667",
"UBUNTU-CVE-2017-5856",
"UBUNTU-CVE-2017-5857",
"UBUNTU-CVE-2017-5898",
"UBUNTU-CVE-2017-5973",
"UBUNTU-CVE-2017-5987",
"UBUNTU-CVE-2017-6505"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.