Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2016-4037

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

  • Published: May 23, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-4037
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6
  • AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

  • Severity: Low
  • Score: 4.9
  • AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

Software From Fixed in
fedoraproject / fedora 22 22.x
fedoraproject / fedora 24 24.x
fedoraproject / fedora 23 23.x
canonical / ubuntu_linux 12.04 12.04.x
canonical / ubuntu_linux 16.04 16.04.x
canonical / ubuntu_linux 15.10 15.10.x
canonical / ubuntu_linux 14.04 14.04.x
qemu / qemu - 2.5.1.x
qemu / qemu 2.6.0-rc1 2.6.0-rc1.x
qemu / qemu 2.6.0-rc2 2.6.0-rc2.x
qemu / qemu 2.6.0-rc0 2.6.0-rc0.x
debian / debian_linux 8.0 8.0.x