CVE-2016-5403
First published: Wed Jul 20 2016(Updated: )
It was found that a malicious guest user could submit more requests than the virtqueue size permits, resulting in a crash of the host QEMU process. The guest could submit requests without bothering to wait for completion and is therefore not bound by virtqueue size. This requires reusing vring descriptors in more than one request, which is incorrect but possible. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation controlled by the guest. Exit with an error if the guest provides more requests than the virtqueue size permits. This bounds memory allocation and makes the buggy guest visible to the user. Upstream patch -------------- -> git.qemu.org/?p=qemu.git;a=commit;h=afd9096eb1882f23929f5b5c177898ed231bac66
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Oracle Linux | =5 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Oracle VM Server | =3.4 | |
| QEMU KVM | <=2.6.0 | |
| QEMU KVM | =2.7.0-rc0 | |
| Debian | =8.0 | |
| redhat openstack | =5.0 | |
| redhat openstack | =6.0 | |
| redhat openstack | =7.0 | |
| redhat openstack | =8 | |
| redhat openstack | =9 | |
| Red Hat Enterprise Virtualization | =3.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux desktop | =7.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =7.2 | |
| redhat enterprise Linux server aus | =7.3 | |
| redhat enterprise Linux server aus | =7.4 | |
| redhat enterprise Linux server aus | =7.5 | |
| redhat enterprise Linux server aus | =7.6 | |
| redhat enterprise Linux server aus | =7.7 | |
| redhat enterprise Linux server eus | =7.2 | |
| redhat enterprise Linux server eus | =7.3 | |
| redhat enterprise Linux server eus | =7.4 | |
| redhat enterprise Linux server eus | =7.5 | |
| redhat enterprise Linux server eus | =7.6 | |
| redhat enterprise Linux server eus | =7.7 | |
| redhat enterprise Linux server tus | =7.2 | |
| redhat enterprise Linux server tus | =7.3 | |
| redhat enterprise Linux server tus | =7.6 | |
| redhat enterprise Linux server tus | =7.7 | |
| redhat enterprise Linux workstation | =6.0 | |
| redhat enterprise Linux workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1182139
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1182139&action=edit
- https://access.redhat.com/security/cve/CVE-2016-5403
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1360831
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1360830
- https://rhn.redhat.com/errata/RHSA-2016-1586.html
- https://rhn.redhat.com/errata/RHSA-2016-1585.html
- https://rhn.redhat.com/errata/RHSA-2016-1606.html
- https://rhn.redhat.com/errata/RHSA-2016-1607.html
- https://www.redhat.com/archives/libvir-list/2016-August/msg00406.html
- https://rhn.redhat.com/errata/RHSA-2016-1655.html
- https://rhn.redhat.com/errata/RHSA-2016-1654.html
- https://rhn.redhat.com/errata/RHSA-2016-1653.html
- https://rhn.redhat.com/errata/RHSA-2016-1652.html
- https://rhn.redhat.com/errata/RHSA-2016-1756.html
- https://rhn.redhat.com/errata/RHSA-2016-1763.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1371943
- https://rhn.redhat.com/errata/RHSA-2016-1943.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1358359#c26
- https://bugzilla.redhat.com/show_bug.cgi?id=1358359
- http://rhn.redhat.com/errata/RHSA-2016-1585.html
- http://rhn.redhat.com/errata/RHSA-2016-1586.html
- http://rhn.redhat.com/errata/RHSA-2016-1606.html
- http://rhn.redhat.com/errata/RHSA-2016-1607.html
- http://rhn.redhat.com/errata/RHSA-2016-1652.html
- http://rhn.redhat.com/errata/RHSA-2016-1653.html
- http://rhn.redhat.com/errata/RHSA-2016-1654.html
- http://rhn.redhat.com/errata/RHSA-2016-1655.html
- http://rhn.redhat.com/errata/RHSA-2016-1756.html
- http://rhn.redhat.com/errata/RHSA-2016-1763.html
- http://rhn.redhat.com/errata/RHSA-2016-1943.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/92148
- http://www.securitytracker.com/id/1036476
- http://www.ubuntu.com/usn/USN-3047-1
- http://www.ubuntu.com/usn/USN-3047-2
- http://xenbits.xen.org/xsa/advisory-184.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
Frequently Asked Questions
What is the severity of CVE-2016-5403?
CVE-2016-5403 is considered high severity due to the potential for a malicious guest user to crash the host QEMU process.
How do I fix CVE-2016-5403?
To fix CVE-2016-5403, ensure you update QEMU to a version higher than 2.6.0 or apply available patches from your operating system vendor.
What systems are affected by CVE-2016-5403?
CVE-2016-5403 affects various versions of Ubuntu, Oracle Linux, Debian, Red Hat OpenStack, and Red Hat Enterprise Linux, among others.
Can CVE-2016-5403 lead to data loss?
Yes, a successful exploit of CVE-2016-5403 could result in a denial of service which may lead to data loss if host systems crash.
Is there a known exploit for CVE-2016-5403?
There are no publicly documented exploits for CVE-2016-5403, but the vulnerability's nature presents risks if unpatched.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-5403
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/16.04
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/5
- version/oracle linux/6
- version/oracle linux/7
- canonical/oracle vm server
- version/oracle vm server/3.4
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/2.6.0
- version/qemu kvm/2.7.0-rc0
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/redhat
- canonical/redhat openstack
- version/redhat openstack/5.0
- version/redhat openstack/6.0
- version/redhat openstack/7.0
- version/redhat openstack/8
- version/redhat openstack/9
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.2
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.5
- version/redhat enterprise linux server aus/7.6
- version/redhat enterprise linux server aus/7.7
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.2
- version/redhat enterprise linux server eus/7.3
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- version/redhat enterprise linux server eus/7.7
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.2
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0