usn-3125-1
Vulnerability from osv_ubuntu
Published
2016-11-09 18:30
Modified
2026-02-10 04:41
Summary
qemu, qemu-kvm vulnerabilities
Details

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-5403)

Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6833, CVE-2016-6834, CVE-2016-6888)

Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6835)

Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to possibly to obtain sensitive host memory. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6836)

Felix Wilhelm discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to possibly to obtain sensitive host files. (CVE-2016-7116)

Li Qiang and Tom Victor discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7155)

Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7156, CVE-2016-7421)

Tom Victor discovered that QEMU incorrectly handled LSI SAS1068 host bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7157)

Hu Chaojian discovered that QEMU incorrectly handled xlnx.xps-ethernetlite emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-7161)

Qinghao Tang and Li Qiang discovered that QEMU incorrectly handled the VMWare VGA module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7170)

Qinghao Tang and Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7422)

Li Qiang discovered that QEMU incorrectly handled LSI SAS1068 host bus emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7423)

Li Qiang discovered that QEMU incorrectly handled USB xHCI controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7466)

Li Qiang discovered that QEMU incorrectly handled ColdFire Fast Ethernet Controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7908)

Li Qiang discovered that QEMU incorrectly handled AMD PC-Net II emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-7909)

Li Qiang discovered that QEMU incorrectly handled the Virtio GPU support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7994)

Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.10. (CVE-2016-7995)

Li Qiang discovered that QEMU incorrectly handled USB xHCI controller support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8576)

Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8577, CVE-2016-8578)

It was discovered that QEMU incorrectly handled Rocker switch emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8668)

It was discovered that QEMU incorrectly handled Intel HDA controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-8909)

Andrew Henderson discovered that QEMU incorrectly handled RTL8139 ethernet controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-8910)

Li Qiang discovered that QEMU incorrectly handled Intel i8255x ethernet controller emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-9101)

Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-9102, CVE-2016-9104, CVE-2016-9105)

Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to possibly to obtain sensitive host memory. (CVE-2016-9103)

Li Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs) support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9106)

References
https://ubuntu.com/security/notices/USN-3125-1 ADVISORY
https://ubuntu.com/security/CVE-2016-5403 REPORT
https://ubuntu.com/security/CVE-2016-6833 REPORT
https://ubuntu.com/security/CVE-2016-6834 REPORT
https://ubuntu.com/security/CVE-2016-6835 REPORT
https://ubuntu.com/security/CVE-2016-6836 REPORT
https://ubuntu.com/security/CVE-2016-6888 REPORT
https://ubuntu.com/security/CVE-2016-7116 REPORT
https://ubuntu.com/security/CVE-2016-7155 REPORT
https://ubuntu.com/security/CVE-2016-7156 REPORT
https://ubuntu.com/security/CVE-2016-7157 REPORT
https://ubuntu.com/security/CVE-2016-7161 REPORT
https://ubuntu.com/security/CVE-2016-7170 REPORT
https://ubuntu.com/security/CVE-2016-7421 REPORT
https://ubuntu.com/security/CVE-2016-7422 REPORT
https://ubuntu.com/security/CVE-2016-7423 REPORT
https://ubuntu.com/security/CVE-2016-7466 REPORT
https://ubuntu.com/security/CVE-2016-7908 REPORT
https://ubuntu.com/security/CVE-2016-7909 REPORT
https://ubuntu.com/security/CVE-2016-7994 REPORT
https://ubuntu.com/security/CVE-2016-7995 REPORT
https://ubuntu.com/security/CVE-2016-8576 REPORT
https://ubuntu.com/security/CVE-2016-8577 REPORT
https://ubuntu.com/security/CVE-2016-8578 REPORT
https://ubuntu.com/security/CVE-2016-8668 REPORT
https://ubuntu.com/security/CVE-2016-8909 REPORT
https://ubuntu.com/security/CVE-2016-8910 REPORT
https://ubuntu.com/security/CVE-2016-9101 REPORT
https://ubuntu.com/security/CVE-2016-9102 REPORT
https://ubuntu.com/security/CVE-2016-9103 REPORT
https://ubuntu.com/security/CVE-2016-9104 REPORT
https://ubuntu.com/security/CVE-2016-9105 REPORT
https://ubuntu.com/security/CVE-2016-9106 REPORT

{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2016-5403",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6833",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6834",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6835",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6836",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6888",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7116",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7155",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7156",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7161",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7170",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7421",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7908",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7909",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8576",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8577",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8578",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8909",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8910",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9101",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9102",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9103",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9104",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9105",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9106",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "qemu",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-guest-agent",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-keymaps",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-kvm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-aarch64",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-arm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-mips",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-misc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-ppc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-sparc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-system-x86",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-user",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-user-static",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          },
          {
            "binary_name": "qemu-utils",
            "binary_version": "2.0.0+dfsg-2ubuntu1.30"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "qemu",
        "purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.30?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0+dfsg-2ubuntu1.30"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.5.0+dfsg-3ubuntu5",
        "1.5.0+dfsg-3ubuntu6",
        "1.6.0+dfsg-2ubuntu1",
        "1.6.0+dfsg-2ubuntu2",
        "1.6.0+dfsg-2ubuntu3",
        "1.6.0+dfsg-2ubuntu4",
        "1.7.0+dfsg-2ubuntu1",
        "1.7.0+dfsg-2ubuntu2",
        "1.7.0+dfsg-2ubuntu3",
        "1.7.0+dfsg-2ubuntu4",
        "1.7.0+dfsg-2ubuntu5",
        "1.7.0+dfsg-2ubuntu7",
        "1.7.0+dfsg-2ubuntu8",
        "1.7.0+dfsg-2ubuntu9",
        "1.7.0+dfsg-3ubuntu1~ppa1",
        "1.7.0+dfsg-3ubuntu1",
        "1.7.0+dfsg-3ubuntu2",
        "1.7.0+dfsg-3ubuntu3",
        "1.7.0+dfsg-3ubuntu4",
        "1.7.0+dfsg-3ubuntu5",
        "1.7.0+dfsg-3ubuntu6",
        "1.7.0+dfsg-3ubuntu7",
        "2.0.0~rc1+dfsg-0ubuntu1",
        "2.0.0~rc1+dfsg-0ubuntu2",
        "2.0.0~rc1+dfsg-0ubuntu3",
        "2.0.0~rc1+dfsg-0ubuntu3.1",
        "2.0.0+dfsg-2ubuntu1",
        "2.0.0+dfsg-2ubuntu1.1",
        "2.0.0+dfsg-2ubuntu1.2",
        "2.0.0+dfsg-2ubuntu1.3",
        "2.0.0+dfsg-2ubuntu1.5",
        "2.0.0+dfsg-2ubuntu1.6",
        "2.0.0+dfsg-2ubuntu1.7",
        "2.0.0+dfsg-2ubuntu1.8",
        "2.0.0+dfsg-2ubuntu1.9",
        "2.0.0+dfsg-2ubuntu1.10",
        "2.0.0+dfsg-2ubuntu1.11",
        "2.0.0+dfsg-2ubuntu1.13",
        "2.0.0+dfsg-2ubuntu1.14",
        "2.0.0+dfsg-2ubuntu1.15",
        "2.0.0+dfsg-2ubuntu1.16",
        "2.0.0+dfsg-2ubuntu1.17",
        "2.0.0+dfsg-2ubuntu1.18",
        "2.0.0+dfsg-2ubuntu1.19",
        "2.0.0+dfsg-2ubuntu1.20",
        "2.0.0+dfsg-2ubuntu1.21",
        "2.0.0+dfsg-2ubuntu1.22",
        "2.0.0+dfsg-2ubuntu1.24",
        "2.0.0+dfsg-2ubuntu1.25",
        "2.0.0+dfsg-2ubuntu1.26",
        "2.0.0+dfsg-2ubuntu1.27",
        "2.0.0+dfsg-2ubuntu1.28",
        "2.0.0+dfsg-2ubuntu1.29"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2016-5403",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6833",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6834",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6835",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6836",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-6888",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7116",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7155",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7156",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7161",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7170",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7421",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7466",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7908",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7909",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-7994",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8576",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8577",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8578",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8668",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8909",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-8910",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9101",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9102",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9103",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9104",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9105",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-9106",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "qemu",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-block-extra",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-guest-agent",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-kvm",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-aarch64",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-arm",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-common",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-mips",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-misc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-ppc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-s390x",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-sparc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-system-x86",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-user",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-user-binfmt",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-user-static",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          },
          {
            "binary_name": "qemu-utils",
            "binary_version": "1:2.5+dfsg-5ubuntu10.6"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "qemu",
        "purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.6?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.5+dfsg-5ubuntu10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1:2.3+dfsg-5ubuntu9",
        "1:2.3+dfsg-5ubuntu10",
        "1:2.4+dfsg-4ubuntu1",
        "1:2.4+dfsg-4ubuntu2",
        "1:2.4+dfsg-4ubuntu3",
        "1:2.4+dfsg-5ubuntu3",
        "1:2.5+dfsg-1ubuntu2",
        "1:2.5+dfsg-1ubuntu3",
        "1:2.5+dfsg-1ubuntu4",
        "1:2.5+dfsg-1ubuntu5",
        "1:2.5+dfsg-5ubuntu1",
        "1:2.5+dfsg-5ubuntu2",
        "1:2.5+dfsg-5ubuntu4",
        "1:2.5+dfsg-5ubuntu6",
        "1:2.5+dfsg-5ubuntu7",
        "1:2.5+dfsg-5ubuntu10",
        "1:2.5+dfsg-5ubuntu10.1",
        "1:2.5+dfsg-5ubuntu10.2",
        "1:2.5+dfsg-5ubuntu10.3",
        "1:2.5+dfsg-5ubuntu10.4",
        "1:2.5+dfsg-5ubuntu10.5"
      ]
    }
  ],
  "aliases": [],
  "details": "Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\nconsume resources, resulting in a denial of service. (CVE-2016-5403)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network\ncard emulation support. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-6833, CVE-2016-6834, CVE-2016-6888)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network\ncard emulation support. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service, or\npossibly execute arbitrary code on the host. In the default installation,\nwhen QEMU is used with libvirt, attackers would be isolated by the libvirt\nAppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04\nLTS and Ubuntu 16.10. (CVE-2016-6835)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network\ncard emulation support. A privileged attacker inside the guest could use\nthis issue to possibly to obtain sensitive host memory. This issue only\naffected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-6836)\n\nFelix Wilhelm discovered that QEMU incorrectly handled Plan 9 File System\n(9pfs) support. A privileged attacker inside the guest could use this issue\nto possibly to obtain sensitive host files. (CVE-2016-7116)\n\nLi Qiang and Tom Victor discovered that QEMU incorrectly handled VMWARE\nPVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside\nthe guest could use this issue to cause QEMU to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04\nLTS and Ubuntu 16.10. (CVE-2016-7155)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual\nSCSI bus emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu\n16.10. (CVE-2016-7156, CVE-2016-7421)\n\nTom Victor discovered that QEMU incorrectly handled LSI SAS1068 host bus\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.10. (CVE-2016-7157)\n\nHu Chaojian discovered that QEMU incorrectly handled xlnx.xps-ethernetlite\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service, or possibly\nexecute arbitrary code on the host. In the default installation, when QEMU\nis used with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2016-7161)\n\nQinghao Tang and Li Qiang discovered that QEMU incorrectly handled the\nVMWare VGA module. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-7170)\n\nQinghao Tang and Zhenhao Hong discovered that QEMU incorrectly handled the\nVirtio module. A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.10. (CVE-2016-7422)\n\nLi Qiang discovered that QEMU incorrectly handled LSI SAS1068 host bus\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.10. (CVE-2016-7423)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7466)\n\nLi Qiang discovered that QEMU incorrectly handled ColdFire Fast Ethernet\nController emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-7908)\n\nLi Qiang discovered that QEMU incorrectly handled AMD PC-Net II emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-7909)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU support. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\nconsume resources, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7994)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources, resulting in a denial of service. This\nissue only affected Ubuntu 16.10. (CVE-2016-7995)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-8576)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-8577, CVE-2016-8578)\n\nIt was discovered that QEMU incorrectly handled Rocker switch emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8668)\n\nIt was discovered that QEMU incorrectly handled Intel HDA controller\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to consume resources, resulting in a denial of service.\n(CVE-2016-8909)\n\nAndrew Henderson discovered that QEMU incorrectly handled RTL8139 ethernet\ncontroller emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to consume resources, resulting in a denial of\nservice. (CVE-2016-8910)\n\nLi Qiang discovered that QEMU incorrectly handled Intel i8255x ethernet\ncontroller emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to consume resources, resulting in a denial of\nservice. (CVE-2016-9101)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources, resulting in a denial of service.\n(CVE-2016-9102, CVE-2016-9104, CVE-2016-9105)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\npossibly to obtain sensitive host memory. (CVE-2016-9103)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-9106)\n",
  "id": "USN-3125-1",
  "modified": "2026-02-10T04:41:03Z",
  "published": "2016-11-09T18:30:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-3125-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-5403"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-6833"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-6834"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-6835"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-6836"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-6888"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7116"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7155"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7156"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7157"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7161"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7170"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7421"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7422"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7423"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7466"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7908"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7909"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7994"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-7995"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8576"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8577"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8578"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8668"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8909"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8910"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9101"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9102"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9103"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9104"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9105"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9106"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "qemu, qemu-kvm vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2016-5403",
    "UBUNTU-CVE-2016-6833",
    "UBUNTU-CVE-2016-6834",
    "UBUNTU-CVE-2016-6835",
    "UBUNTU-CVE-2016-6836",
    "UBUNTU-CVE-2016-6888",
    "UBUNTU-CVE-2016-7116",
    "UBUNTU-CVE-2016-7155",
    "UBUNTU-CVE-2016-7156",
    "UBUNTU-CVE-2016-7157",
    "UBUNTU-CVE-2016-7161",
    "UBUNTU-CVE-2016-7170",
    "UBUNTU-CVE-2016-7421",
    "UBUNTU-CVE-2016-7422",
    "UBUNTU-CVE-2016-7423",
    "UBUNTU-CVE-2016-7466",
    "UBUNTU-CVE-2016-7908",
    "UBUNTU-CVE-2016-7909",
    "UBUNTU-CVE-2016-7994",
    "UBUNTU-CVE-2016-7995",
    "UBUNTU-CVE-2016-8576",
    "UBUNTU-CVE-2016-8577",
    "UBUNTU-CVE-2016-8578",
    "UBUNTU-CVE-2016-8668",
    "UBUNTU-CVE-2016-8909",
    "UBUNTU-CVE-2016-8910",
    "UBUNTU-CVE-2016-9101",
    "UBUNTU-CVE-2016-9102",
    "UBUNTU-CVE-2016-9103",
    "UBUNTU-CVE-2016-9104",
    "UBUNTU-CVE-2016-9105",
    "UBUNTU-CVE-2016-9106"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…