VDB
DEBIAN-CVE-2016-2538
DEBIAN-CVE-2016-2538
PUBLISHED
CVSS 7.099999904632568 HIGH
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
Risk Scores
CVSS v3.0
7.099999904632568
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | qemu | 0, 0, 0 |
| Debian:14 | qemu | 0, 0, 0 |
| Debian:12 | qemu | 0, 0, 0 |
| Debian:11 | qemu | 0, 0, 0 |
Timeline
- Jun 16, 2016 CVE Published
- Apr 28, 2026 CVE Updated