CVE-2016-1981

NameCVE-2016-1981
DescriptionQEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3469-1, DSA-3470-1, DSA-3471-1
Debian Bugs812307

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)buster1:3.1+dfsg-8+deb10u8fixed
buster (security)1:3.1+dfsg-8+deb10u12fixed
bullseye1:5.2+dfsg-11+deb11u3fixed
bullseye (security)1:5.2+dfsg-11+deb11u2fixed
bookworm1:7.2+dfsg-7+deb12u5fixed
trixie1:8.2.1+ds-2fixed
sid1:8.2.2+ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusourcesqueeze(unfixed)end-of-life
qemusourcewheezy1.1.2+dfsg-6a+deb7u12DSA-3469-1
qemusourcejessie1:2.1+dfsg-12+deb8u5aDSA-3471-1
qemusource(unstable)1:2.5+dfsg-5812307
qemu-kvmsourcesqueeze(unfixed)end-of-life
qemu-kvmsourcewheezy1.1.2+dfsg-6+deb7u12DSA-3470-1
qemu-kvmsource(unstable)(unfixed)

Notes

[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
https://bugzilla.redhat.com/show_bug.cgi?id=1298570
https://www.openwall.com/lists/oss-security/2016/01/19/10

Search for package or bug name: Reporting problems