QEMU IO Descriptor Buffer hw/virtio/virtio.c virtqueue_map_desc null pointer dereference
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.8 | $0-$5k | 0.00 |
A vulnerability has been found in QEMU (Virtualization Software) (version now known) and classified as problematic. Affected by this vulnerability is the function virtqueue_map_desc
of the file hw/virtio/virtio.c of the component IO Descriptor Buffer Handler. The manipulation with an unknown input leads to a null pointer dereference vulnerability. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. As an impact it is known to affect availability. The summary by CVE is:
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
The bug was discovered 12/09/2016. The weakness was shared 12/10/2016 by Qinghao Tang with 360.cn Inc. (Website). The advisory is shared at git.qemu.org. This vulnerability is known as CVE-2016-7422 since 09/09/2016. An attack has to be approached locally. Required for exploitation is a single authentication. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 94669 (Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : qemu, qemu-kvm vulnerabilities (USN-3125-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 276208 (Fedora Security Update for qemu (FEDORA-2016-a56fb613a8)).
Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (94669) and SecurityFocus (BID 92996†). The entries VDB-92454, VDB-92520, VDB-93307 and VDB-93311 are related to this item.
Product
Type
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.0VulDB Meta Temp Score: 5.8
VulDB Base Score: 6.0
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.0
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 94669
Nessus Name: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : qemu, qemu-kvm vulnerabilities (USN-3125-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 65001
OpenVAS Name: Fedora Update for qemu FEDORA-2016-3d3218ec41
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: 973e7170dddefb491a48df5cba33b2ae151013a0
Timeline
09/09/2016 🔍09/16/2016 🔍
11/09/2016 🔍
11/10/2016 🔍
12/09/2016 🔍
12/09/2016 🔍
12/10/2016 🔍
12/10/2016 🔍
10/05/2022 🔍
Sources
Product: qemu.orgAdvisory: USN-3125-1
Researcher: Qinghao Tang
Organization: 360.cn Inc.
Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-7422 (🔍)
SecurityFocus: 92996 - QEMU CVE-2016-7422 Null Pointer Dereference Denial of Service Vulnerability
See also: 🔍
Entry
Created: 12/10/2016 01:38 PMUpdated: 10/05/2022 11:19 AM
Changes: 12/10/2016 01:38 PM (63), 06/22/2019 06:52 PM (17), 10/05/2022 11:12 AM (5), 10/05/2022 11:19 AM (1)
Complete: 🔍
Cache ID: 18:958:40
No comments yet. Languages: en.
Please log in to comment.