Executive Summary

Informations
Name CVE-2016-2392 First vendor Publication 2016-06-16
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Overall CVSS Score 6.5
Base Score 6.5 Environmental Score 6.5
impact SubScore 4 Temporal Score 6.5
Exploitabality Sub Score 2
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Changed Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2392

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4

Nessus® Vulnerability Scanner

Date Description
2018-12-01 Name : The remote Debian host is missing a security update.
File : debian_DLA-1599.nasl - Type : ACT_GATHER_INFO
2016-11-14 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2781-1.nasl - Type : ACT_GATHER_INFO
2016-10-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1234.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2628-1.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2589-1.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1745-1.nasl - Type : ACT_GATHER_INFO
2016-05-19 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1318-1.nasl - Type : ACT_GATHER_INFO
2016-05-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2974-1.nasl - Type : ACT_GATHER_INFO
2016-04-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-439.nasl - Type : ACT_GATHER_INFO
2016-04-13 Name : The remote Fedora host is missing a security update.
File : fedora_2016-bfaf6a133b.nasl - Type : ACT_GATHER_INFO
2016-04-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0955-1.nasl - Type : ACT_GATHER_INFO
2016-04-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201604-01.nasl - Type : ACT_GATHER_INFO
2016-04-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-413.nasl - Type : ACT_GATHER_INFO
2016-03-28 Name : The remote Fedora host is missing a security update.
File : fedora_2016-1b264ab4a4.nasl - Type : ACT_GATHER_INFO
2016-03-25 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0873-1.nasl - Type : ACT_GATHER_INFO
2016-03-24 Name : The remote Fedora host is missing a security update.
File : fedora_2016-372bb57df0.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote Fedora host is missing a security update.
File : fedora_2016-38b20aa50f.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote Fedora host is missing a security update.
File : fedora_2016-f4504e9445.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840...
http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html
http://www.openwall.com/lists/oss-security/2016/02/16/7
http://www.securityfocus.com/bid/83274
http://www.ubuntu.com/usn/USN-2974-1
https://bugzilla.redhat.com/show_bug.cgi?id=1302299
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html
https://security.gentoo.org/glsa/201604-01
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Date Informations
2024-11-28 12:54:57
  • Multiple Updates
2024-08-02 12:39:27
  • Multiple Updates
2024-08-02 01:11:18
  • Multiple Updates
2024-02-02 01:38:16
  • Multiple Updates
2024-02-01 12:10:49
  • Multiple Updates
2023-09-05 12:36:24
  • Multiple Updates
2023-09-05 01:10:36
  • Multiple Updates
2023-09-02 12:36:16
  • Multiple Updates
2023-09-02 01:10:51
  • Multiple Updates
2023-08-12 12:39:25
  • Multiple Updates
2023-08-12 01:10:17
  • Multiple Updates
2023-08-11 12:34:27
  • Multiple Updates
2023-08-11 01:10:35
  • Multiple Updates
2023-08-06 12:33:18
  • Multiple Updates
2023-08-06 01:10:18
  • Multiple Updates
2023-08-04 12:33:26
  • Multiple Updates
2023-08-04 01:10:21
  • Multiple Updates
2023-07-14 12:33:27
  • Multiple Updates
2023-07-14 01:10:19
  • Multiple Updates
2023-03-29 01:35:14
  • Multiple Updates
2023-03-28 12:10:39
  • Multiple Updates
2023-02-13 09:27:56
  • Multiple Updates
2022-10-11 12:29:56
  • Multiple Updates
2022-10-11 01:10:23
  • Multiple Updates
2021-05-04 12:48:23
  • Multiple Updates
2021-04-22 01:59:02
  • Multiple Updates
2020-05-23 00:50:21
  • Multiple Updates
2018-12-01 17:18:57
  • Multiple Updates
2017-07-01 09:23:24
  • Multiple Updates
2016-11-29 00:26:03
  • Multiple Updates
2016-11-15 13:25:42
  • Multiple Updates
2016-10-28 13:24:00
  • Multiple Updates
2016-10-27 13:26:38
  • Multiple Updates
2016-08-30 13:21:27
  • Multiple Updates
2016-06-21 05:25:49
  • Multiple Updates
2016-06-17 00:25:29
  • First insertion