QwikSec

Security Database

CVE

CWE

Training

CVE-2016-8576

Published: Nov 4, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[qemu-devel] 20161007 Re: [PATCH] usb: xHCI: add check to limit command TRB processing

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

[oss-security] 20161010 CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2016:3237

vendor-advisory

x_refsource_SUSE

[oss-security] 20161010 Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.