Back to search
CVE-2016-1922
Published: Dec 29, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20160116 CVE request Qemu: i386: null pointer dereference in vapic_write
mailing-list
x_refsource_MLIST
GLSA-201604-01
vendor-advisory
x_refsource_GENTOO
[oss-security] 20160116 Re: CVE request Qemu: i386: null pointer dereference in vapic_write
mailing-list
x_refsource_MLIST
DSA-3469
vendor-advisory
x_refsource_DEBIAN
DSA-3470
vendor-advisory
x_refsource_DEBIAN
DSA-3471
vendor-advisory
x_refsource_DEBIAN
[qemu-devel] 20160115 [PULL] i386: avoid null pointer dereference
mailing-list
x_refsource_MLIST
81058
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1283934
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now