CVE-2016-2858 Detail
Modified
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
Current Description
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
Source:
MITRE
Description Last Modified:
06/16/2016
View Analysis Description
Analysis Description
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
Source:
MITRE
Description Last Modified:
04/07/2016
Impact
CVSS v3.0 Severity and Metrics:
Base Score:
5.9 MEDIUM
Vector:
AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
(V3 legend)
Impact Score:
4.0
Exploitability Score:
1.4
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High
CVSS v2.0 Severity and Metrics:
Base Score:
1.9 LOW
Vector:
(AV:L/AC:M/Au:N/C:N/I:N/A:P)
(V2 legend)
Impact Subscore:
2.9
Exploitability Subscore:
3.4
Access Vector (AV):
Local
Access Complexity (AC):
Medium
Authentication (AU):
None
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Partial
Additional Information:
Allows disruption of service
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.
Change History
8 change records found
- show changes
CVE Modified by MITRE -
6/30/2017 9:29:41 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
|
https://security.gentoo.org/glsa/201604-01 [No Types Assigned] |
CVE Modified by MITRE -
11/28/2016 3:05:18 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
|
http://www.securityfocus.com/bid/84134 [No Types Assigned] |
Modified Analysis -
6/22/2016 7:42:57 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
CPE Configuration |
Configuration 1
OR
*cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:* |
Configuration 1
OR
*cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Configuration 2
OR
*cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:* |
CVE Modified by Source -
6/20/2016 9:59:31 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
|
http://www.ubuntu.com/usn/USN-2974-1 |
CVE Translated -
6/17/2016 7:45:03 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Translation |
|
QEMU, cuando está construido con el soporte back-end Pseudo Random Number Generator (PRNG), permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso) a través una petición de entropía, lo que desencadena una asignación arbitraria basada en asignación y corrupción de memoria. |
| Removed |
Translation |
QEMU, cuando se construye con el soporte back-end Pseudo Random Number Generator (PRNG), permite a usuarios del SO invitado provocar una denegación de servicio (caída de proceso) a través de una petición entropy, lo que desencadena una asignación basada en pila arbitraria y corrupción de memoria. |
|
CVE Modified by Source -
6/16/2016 10:04:32 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
Description |
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. |
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. |
Modified Analysis -
4/11/2016 9:45:47 AM
| Action |
Type |
Old Value |
New Value |
| Added |
CPE Configuration |
|
Configuration 1
OR
*cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:* |
| Added |
CVSS V2 |
|
(AV:L/AC:M/Au:N/C:N/I:N/A:P) |
| Added |
CVSS V3 |
|
AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H |
| Added |
CWE |
|
CWE-119 |
Initial CVE Analysis -
4/8/2016 1:10:46 PM
Quick Info
CVE Dictionary Entry:
CVE-2016-2858
NVD Published Date:
04/07/2016
NVD Last Modified:
06/30/2017
|