CVE-2016-2858

Loading...

General

Score:1.9/10.0
Severity:Low
Category:Buffer Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Local
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2014-3615, CVE-2014-3689, CVE-2014-9718, CVE-2015-3214, CVE-2015-5239, CVE-2015-5278, CVE-2015-5279, CVE-2015-5745, CVE-2015-6855, CVE-2015-7295, CVE-2015-7549, CVE-2015-8504, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198, CVE-2016-2391, CVE-2016-2392, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037, CVE-2016-4439, CVE-2016-4441, CVE-2016-4952

Published on 07/04/16 - Updated on 01/07/17

Description

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2016-2858
SUSE SUSE-SU-2016:1560, SUSE-SU-2016:1698, SUSE-SU-2016:1703, SUSE-SU-2016:1785
Ubuntu USN-2974-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
qemuqemu

Share this vulnerability with:

Twitter Facebook LinkedIn Mail