CVE-2016-8576

MEDIUM6.0EPSS 0.10%

qemu-kvm - security update

發布日:2016/11/4修改日:2026/4/28

描述

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

受影響套件(4)

Alpine/qemufrom 0, < 2.8.1-r1
Debian/qemufrom 0, < 1:2.8+dfsg-1
Debian/qemufrom 0, < 1.1.2+dfsg-6+deb7u17
Debian/qemu-kvmfrom 0, < 1.1.2+dfsg-6+deb7u17

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.0	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-8576
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-8576