CVE-2016-7421

Loading...

General

Score:2.1/10.0
Severity:Low
Category:Resource Management Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2016-5403, CVE-2016-6833, CVE-2016-6834, CVE-2016-6835, CVE-2016-6836, CVE-2016-6888, CVE-2016-7116, CVE-2016-7155, CVE-2016-7156, CVE-2016-7157, CVE-2016-7161, CVE-2016-7170, CVE-2016-7422, CVE-2016-7423, CVE-2016-7466, CVE-2016-7908, CVE-2016-7909, CVE-2016-7994, CVE-2016-7995, CVE-2016-8576, CVE-2016-8577, CVE-2016-8578, CVE-2016-8667, CVE-2016-8668, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9101, CVE-2016-9102, CVE-2016-9103, CVE-2016-9104, CVE-2016-9105, CVE-2016-9106

Published on 10/12/16 - Updated on 01/07/17

Description

The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.

Category: Resource Management Error

CWE-399 (Resource Management Errors)
Weaknesses in this category are related to improper management of system resources.

Security Notices

US National Vulnerability DatabaseCVE-2016-7421
SUSE SUSE-SU-2016:2936, SUSE-SU-2016:2988
Ubuntu USN-3125-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
qemuqemu

Share this vulnerability with:

Twitter Facebook LinkedIn Mail