#VU40050 Division by zero in QEMU - CVE-2016-8669

Cybersecurity Help s.r.o.

Published: 2016-11-04 | Updated: 2020-08-09

Vulnerability identifier: #VU40050

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-8669

CWE-ID: CWE-369

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a local privileged user to a crash the entire system.

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.

Mitigation
Install update from vendor's website.

Vulnerable software versions

QEMU: All versions

External links
https://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
https://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
https://www.openwall.com/lists/oss-security/2016/10/14/9
https://www.openwall.com/lists/oss-security/2016/10/15/5
https://www.securityfocus.com/bid/93563
https://access.redhat.com/errata/RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2408
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201611-11

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Fedora 23 update for xen

Fedora 24 update for xen

Fedora 25 update for xen

Multiple vulnerabilities in QEMU