[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-1714Date: (C)2016-04-28   (M)2024-04-19


The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score : 6.9
Exploit Score: 1.4Exploit Score: 3.4
Impact Score: 6.0Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: COMPLETE
Scope: CHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1034858
BID-80250
DSA-3469
DSA-3470
DSA-3471
GLSA-201604-01
RHSA-2016:0081
RHSA-2016:0082
RHSA-2016:0083
RHSA-2016:0084
RHSA-2016:0085
RHSA-2016:0086
RHSA-2016:0087
RHSA-2016:0088
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
http://www.openwall.com/lists/oss-security/2016/01/11/7
http://www.openwall.com/lists/oss-security/2016/01/12/10
http://www.openwall.com/lists/oss-security/2016/01/12/11
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

CWE    1
CWE-119
OVAL    19
oval:org.secpod.oval:def:110318
oval:org.secpod.oval:def:110310
oval:org.secpod.oval:def:203834
oval:org.secpod.oval:def:203835
...

© SecPod Technologies