CVE-2016-9102 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2016-9102

CVE-2016-9102

December 09, 2016

Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.

Related Resources (10)

http://www.openwall.com/lists/oss-security/2016/10/30/6

http://www.openwall.com/lists/oss-security/2016/10/27/15

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff55e94d23ae94c8628b0115320157c763eb3e06

https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html

https://security.gentoo.org/glsa/201611-11

https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9102

https://access.redhat.com/security/cve/CVE-2016-9102

http://www.securityfocus.com/bid/93962

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

https://security-tracker.debian.org/tracker/CVE-2016-9102

Do you need more information?

CVSS v4

Base Score:

8.1

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

HIGH

CVSS v3

Base Score:

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

CVSS v2

Base Score:

2.1

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

Weakness Type (CWE)

Missing Release of Resource after Effective Lifetime

CWE-772

EPSS

Base Score:

0.10

Products

Solutions

Resources

Company

Compare

Developer Tools