CVE-2016-6835
First published: Mon Aug 22 2016(Updated: )
Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an OOB access issue. In that it does not check if packet headers does not check for IP header length. It could lead to a OOB access when reading further packet data. A privileged user inside guest could use this issue to crash the Qemu process instance or potentially execute arbitrary code on the host, with privileges of the Qemu process. Upstream patch: --------------- -> <a href="https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html">https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html</a> Reference: ---------- -> <a href="http://www.openwall.com/lists/oss-security/2016/08/18/4">http://www.openwall.com/lists/oss-security/2016/08/18/4</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU KVM | <2.6.0 | |
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=93060258ae748573ca7197204125a2670047896d
- http://www.openwall.com/lists/oss-security/2016/08/11/7
- http://www.openwall.com/lists/oss-security/2016/08/18/4
- https://access.redhat.com/errata/RHSA-2017:2392
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1369015
- https://bugzilla.redhat.com/show_bug.cgi?id=1369012
Frequently Asked Questions
What is the severity of CVE-2016-6835?
CVE-2016-6835 is considered a medium-severity vulnerability due to its potential for out-of-bounds (OOB) access.
How do I fix CVE-2016-6835?
To fix CVE-2016-6835, upgrade QEMU to a version higher than 2.6.0 that addresses this vulnerability.
Which versions of QEMU are affected by CVE-2016-6835?
CVE-2016-6835 affects QEMU versions prior to 2.6.0.
What type of systems are impacted by CVE-2016-6835?
CVE-2016-6835 impacts systems running QEMU with VMWARE VMXNET3 NIC device support.
Who can exploit CVE-2016-6835?
CVE-2016-6835 can be exploited by a privileged user inside a guest operating system.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-6835
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qemu
- canonical/qemu kvm
- vendor/redhat
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0