What is the severity of CVE-2016-9907?

CVE-2016-9907 has a medium severity rating due to its potential to cause a denial of service by leaking host memory.

How do I fix CVE-2016-9907?

To fix CVE-2016-9907, update QEMU to version 2.8 or later, or apply the relevant patches provided by your Linux distribution.

Which versions of QEMU are affected by CVE-2016-9907?

QEMU versions up to 2.7.1 are affected by CVE-2016-9907.

What can happen if CVE-2016-9907 is exploited?

If exploited, CVE-2016-9907 can lead to memory leakage, resulting in a denial of service for the host machine.

Is CVE-2016-9907 present in Red Hat OpenStack?

Yes, CVE-2016-9907 affects several versions of Red Hat OpenStack, including versions 6.0 through 11.

Vulnerability/
CVE-2016-9907

medium

6.5

CWE

772

7/12/2016

23/12/2016

6/8/2024

CVE-2016-9907

First published: Wed Dec 07 2016(Updated: )

Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
QEMU	<=2.7.1
Debian	=8.0
Red Hat OpenStack for IBM Power	=6.0
Red Hat OpenStack for IBM Power	=7.0
Red Hat OpenStack for IBM Power	=8
Red Hat OpenStack for IBM Power	=9
Red Hat OpenStack for IBM Power	=10
Red Hat OpenStack for IBM Power	=11
Red Hat Enterprise Virtualization	=4.0
Red Hat Enterprise Linux	=7.0

Remedy

http://www.openwall.com/lists/oss-security/2016/12/08/3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9907?
CVE-2016-9907 has a medium severity rating due to its potential to cause a denial of service by leaking host memory.
How do I fix CVE-2016-9907?
To fix CVE-2016-9907, update QEMU to version 2.8 or later, or apply the relevant patches provided by your Linux distribution.
Which versions of QEMU are affected by CVE-2016-9907?
QEMU versions up to 2.7.1 are affected by CVE-2016-9907.
What can happen if CVE-2016-9907 is exploited?
If exploited, CVE-2016-9907 can lead to memory leakage, resulting in a denial of service for the host machine.
Is CVE-2016-9907 present in Red Hat OpenStack?
Yes, CVE-2016-9907 affects several versions of Red Hat OpenStack, including versions 6.0 through 11.

agent/type
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-9907
agent/first-publish-date
agent/references
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/qemu
canonical/qemu
version/qemu/2.7.1
vendor/debian
canonical/debian
version/debian/8.0
vendor/redhat
canonical/red hat openstack for ibm power
version/red hat openstack for ibm power/6.0
version/red hat openstack for ibm power/7.0
version/red hat openstack for ibm power/8
version/red hat openstack for ibm power/9
version/red hat openstack for ibm power/10
version/red hat openstack for ibm power/11
canonical/red hat enterprise virtualization
version/red hat enterprise virtualization/4.0
canonical/red hat enterprise linux
version/red hat enterprise linux/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.