Qemu
CVE-2016-9381
HIGH
Severity by source
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
AnalysisAI
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-362. Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. Affected products include: Qemu, Citrix Xenserver.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Rated critical severity (CVSS 10.0)
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achi
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remot
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attacke
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA tra
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_r
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vul
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, rela
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerabili
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today