vulnerability
SUSE: CVE-2016-2538: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:N/C:P/I:N/A:P) | Mar 24, 2016 | Mar 28, 2016 | Feb 4, 2022 |
Severity
4
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:P)
Published
Mar 24, 2016
Added
Mar 28, 2016
Modified
Feb 4, 2022
Description
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
Solutions
suse-upgrade-kvmsuse-upgrade-qemususe-upgrade-qemu-block-curlsuse-upgrade-qemu-block-rbdsuse-upgrade-qemu-guest-agentsuse-upgrade-qemu-ipxesuse-upgrade-qemu-kvmsuse-upgrade-qemu-langsuse-upgrade-qemu-ppcsuse-upgrade-qemu-s390suse-upgrade-qemu-seabiossuse-upgrade-qemu-sgabiossuse-upgrade-qemu-toolssuse-upgrade-qemu-vgabiossuse-upgrade-qemu-x86suse-upgrade-xensuse-upgrade-xen-develsuse-upgrade-xen-doc-htmlsuse-upgrade-xen-doc-pdfsuse-upgrade-xen-kmp-defaultsuse-upgrade-xen-kmp-paesuse-upgrade-xen-libssuse-upgrade-xen-libs-32bitsuse-upgrade-xen-toolssuse-upgrade-xen-tools-domususe-upgrade-xen-tools-xendomains-wait-disk
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.