ByteOS Network

Vulnerability Details :

CVE-2016-4037

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-23 May, 2016 | 19:00

Updated At-06 Aug, 2024 | 00:17

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:redhat

Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749

Published At:23 May, 2016 | 19:00

Updated At:06 Aug, 2024 | 00:17

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.openwall.com/lists/oss-security/2016/04/18/3	mailing-list x_refsource_MLIST
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html	vendor-advisory x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html	vendor-advisory x_refsource_FEDORA
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html	mailing-list x_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html	vendor-advisory x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-2974-1	vendor-advisory x_refsource_UBUNTU
http://www.securityfocus.com/bid/86283	vdb-entry x_refsource_BID
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html	mailing-list x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/04/18/6	mailing-list x_refsource_MLIST

Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/18/3

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2

Resource:

x_refsource_CONFIRM

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.ubuntu.com/usn/USN-2974-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.securityfocus.com/bid/86283

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/18/6

Resource:

mailing-list

x_refsource_MLIST

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.openwall.com/lists/oss-security/2016/04/18/3	mailing-list x_refsource_MLIST x_transferred
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2	x_refsource_CONFIRM x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html	vendor-advisory x_refsource_FEDORA x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html	vendor-advisory x_refsource_FEDORA x_transferred
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html	mailing-list x_refsource_MLIST x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.ubuntu.com/usn/USN-2974-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.securityfocus.com/bid/86283	vdb-entry x_refsource_BID x_transferred
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html	mailing-list x_refsource_MLIST x_transferred
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	mailing-list x_refsource_MLIST x_transferred
http://www.openwall.com/lists/oss-security/2016/04/18/6	mailing-list x_refsource_MLIST x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/18/3

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2974-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.securityfocus.com/bid/86283

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/18/6

Resource:

mailing-list

x_refsource_MLIST

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secalert@redhat.com

Published At:23 May, 2016 | 19:59

Updated At:06 May, 2026 | 22:30

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Primary	2.0	4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Fedora Project

>>fedora>>22

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Fedora Project

>>fedora>>23

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Fedora Project

>>fedora>>24

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>15.10

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

QEMU

>>qemu>>Versions up to 2.5.1(inclusive)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

QEMU

>>qemu>>2.6.0

cpe:2.3:a:qemu:qemu:2.6.0:rc0:*:*:*:*:*:*

QEMU

>>qemu>>2.6.0

cpe:2.3:a:qemu:qemu:2.6.0:rc1:*:*:*:*:*:*

QEMU

>>qemu>>2.6.0

cpe:2.3:a:qemu:qemu:2.6.0:rc2:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Primary	nvd@nist.gov

CWE ID: CWE-400

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2	secalert@redhat.com	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html	secalert@redhat.com	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html	secalert@redhat.com	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html	secalert@redhat.com	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/18/3	secalert@redhat.com	Mailing List
http://www.openwall.com/lists/oss-security/2016/04/18/6	secalert@redhat.com	Mailing List
http://www.securityfocus.com/bid/86283	secalert@redhat.com	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2974-1	secalert@redhat.com	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	secalert@redhat.com	Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html	secalert@redhat.com	Mailing List Patch Vendor Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html	secalert@redhat.com	Mailing List Vendor Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/18/3	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.openwall.com/lists/oss-security/2016/04/18/6	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.securityfocus.com/bid/86283	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2974-1	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Vendor Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Vendor Advisory

Hyperlink: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2

Source: secalert@redhat.com

Resource: N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/18/3

Source: secalert@redhat.com

Resource:

Mailing List

Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/18/6

Source: secalert@redhat.com

Resource:

Mailing List

Hyperlink: http://www.securityfocus.com/bid/86283

Source: secalert@redhat.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.ubuntu.com/usn/USN-2974-1

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html

Source: secalert@redhat.com

Resource:

Mailing List

Patch

Vendor Advisory

Hyperlink: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html

Source: secalert@redhat.com

Resource:

Mailing List

Vendor Advisory

Hyperlink: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2