Lucene search
F5F5:K75248350HistoryMay 10, 2016 - 12:00 a.m.
K75248350 : QEMU vulnerability CVE-2016-1714
2016-05-1000:00:00
my.f5.com
21
Security Advisory Description
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. (CVE-2016-1714)
Impact
When exploited, an attacker with the appropriate privilege on the vCMP guest may cause the vCMP guest to crash, resulting in a denial of service (DoS). Additionally, an attacker with the appropriate privileges on the vCMP guest may potentially run arbitrary code with root privileges on the vCMP host.
Related
openvas
openvas
RedHat Update for qemu-kvm RHSA-2016:0083-01
2016-01-29 00:00:00
CentOS Update for qemu-guest-agent CESA-2016:0082 centos6
2016-02-02 00:00:00
RedHat Update for qemu-kvm RHSA-2016:0082-01
2016-01-29 00:00:00
redhat
redhat
(RHSA-2016:0081) Important: qemu-kvm-rhev security update
2016-01-28 00:00:00
(RHSA-2016:0083) Important: qemu-kvm security and bug fix update
2016-01-28 15:38:19
(RHSA-2016:0085) Important: qemu-kvm-rhev security update
2016-01-28 15:42:25
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2016:0082)
2016-01-29 00:00:00
RHEL 7 : qemu-kvm (RHSA-2016:0083)
2016-01-29 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2016-0082)
2016-01-29 00:00:00
cve
cve
CVE-2016-1714
2016-04-07 19:59:02
centos
centos
libcacard, qemu security update
2016-02-01 10:07:16
qemu security update
2016-02-01 10:06:38
debiancve
debiancve
CVE-2016-1714
2016-04-07 19:59:02
oraclelinux
oraclelinux
qemu-kvm security update
2016-01-28 00:00:00
qemu-kvm security and bug fix update
2016-01-28 00:00:00
qemu-kvm security update
2016-05-16 00:00:00
cvelist
cvelist
CVE-2016-1714
2016-04-07 19:00:00
prion
prion
Out-of-bounds
2016-04-07 19:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:09:47
ubuntucve
ubuntucve
CVE-2016-1714
2016-01-12 00:00:00
nvd
nvd
CVE-2016-1714
2016-04-07 19:59:02
f5
f5
SOL75248350 - QEMU vulnerability CVE-2016-1714
2016-05-10 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM
2018-06-18 01:33:29
debian
debian
[SECURITY] [DSA 3469-1] qemu security update
2016-02-08 19:45:45
[SECURITY] [DSA 3470-1] qemu-kvm security update
2016-02-08 19:45:53
[SECURITY] [DSA 3469-1] qemu security update
2016-02-08 19:45:45
osv
osv
qemu-kvm - security update
2016-02-08 00:00:00
qemu - security update
2016-02-08 00:00:00
qemu - security update
2016-02-08 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2016-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.2-9.fc22
2016-03-19 21:28:58
[SECURITY] Fedora 23 Update: xen-4.5.2-9.fc23
2016-03-20 02:32:30
mageia
mageia
Updated qemu packages fix security vulnerabilities
2016-01-17 03:26:26
ubuntu
ubuntu
QEMU vulnerabilities
2016-02-03 00:00:00
suse
suse
Security update for xen (important)
2016-04-26 16:08:08
Security update for xen (important)
2016-03-30 20:07:33
Security update for qemu (important)
2016-07-06 22:04:21