| Name | CVE-2016-1981 |
| Description | QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-3469-1, DSA-3470-1, DSA-3471-1 |
| Debian Bugs | 812307 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| qemu (PTS) | bullseye | 1:5.2+dfsg-11+deb11u3 | fixed |
| bullseye (security) | 1:5.2+dfsg-11+deb11u2 | fixed | |
| bookworm | 1:7.2+dfsg-7+deb12u7 | fixed | |
| sid, trixie | 1:9.1.1+ds-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qemu | source | squeeze | (unfixed) | end-of-life | ||
| qemu | source | wheezy | 1.1.2+dfsg-6a+deb7u12 | DSA-3469-1 | ||
| qemu | source | jessie | 1:2.1+dfsg-12+deb8u5a | DSA-3471-1 | ||
| qemu | source | (unstable) | 1:2.5+dfsg-5 | 812307 | ||
| qemu-kvm | source | squeeze | (unfixed) | end-of-life | ||
| qemu-kvm | source | wheezy | 1.1.2+dfsg-6+deb7u12 | DSA-3470-1 | ||
| qemu-kvm | source | (unstable) | (unfixed) |
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
https://bugzilla.redhat.com/show_bug.cgi?id=1298570
https://www.openwall.com/lists/oss-security/2016/01/19/10