Back to bug 1301643
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-25 15:24:19 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-25 15:24:19 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-01-25 15:25:55 UTC | Blocks | 1301644 | |
| Prasad Pandit | 2016-01-29 16:06:37 UTC | CC | prasad | |
| Doc Text | Qemu emulator built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the Qemu process instance resulting in DoS. | |||
| Whiteboard | impact=moderate,public=no,reported=20160125,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-476,rhel-5/kvm=new,rhel-6/qemu-kvm=new,rhel-6/qemu-kvm-rhev=new,rhel-7/qemu-kvm=new,rhel-7/qemu-kvm-rhev=new,openstack-5/qemu-kvm-rhev=new,openstack-6/qemu-kvm-rhev=new,openstack-7/qemu-kvm-rhev=new,openstack-8/qemu-kvm-rhev=new,rhev-m-3/qemu-kvm-rhev=new,fedora-all/qemu=affected,epel-all/qemu=affected | impact=low,public=20160129,reported=20160125,source=researcher,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-6/qemu-kvm-rhev=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected | ||
| Prasad Pandit | 2016-01-29 16:09:00 UTC | Summary | EMBARGOED qemu: Null pointer dereference in hcd-ehci.c | EMBARGOED qemu: usb: ehci null pointer dereference in ehci_caps_write |
| Prasad Pandit | 2016-01-29 16:10:35 UTC | Summary | EMBARGOED qemu: usb: ehci null pointer dereference in ehci_caps_write | EMBARGOED Qemu: usb: ehci null pointer dereference in ehci_caps_write |
| Prasad Pandit | 2016-01-29 16:14:11 UTC | Summary | EMBARGOED Qemu: usb: ehci null pointer dereference in ehci_caps_write | Qemu: usb: ehci null pointer dereference in ehci_caps_write |
| Prasad Pandit | 2016-01-29 16:14:20 UTC | Group | security, qe_staff | |
| Prasad Pandit | 2016-01-29 16:14:34 UTC | Depends On | 1303134 | |
| Prasad Pandit | 2016-01-29 16:14:51 UTC | Depends On | 1303135 | |
| Prasad Pandit | 2016-02-01 04:39:46 UTC | Alias | CVE-2016-2198 | |
| Prasad Pandit | 2016-02-01 04:39:56 UTC | Summary | Qemu: usb: ehci null pointer dereference in ehci_caps_write | CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write |
| Martin Prpič | 2016-02-01 09:00:51 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Summer Long | 2016-03-13 22:59:31 UTC | CC | slong | |
| Doc Text | Qemu emulator built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the Qemu process instance resulting in DoS. | A NULL pointer dereference flaw was found in the QEMU emulator built with USB EHCI emulation support. The flaw could occur when an application attempts to write to EHCI-capability registers. A privileged user inside a quest could exploit this flaw to crash the QEMU process instance (denial of service). | ||
| John Skeoch | 2016-04-18 07:39:20 UTC | CC | yeylon | srevivo |
| Perry Myers | 2016-04-19 00:59:13 UTC | CC | pmyers | |
| Scott Herold | 2017-09-12 15:27:43 UTC | CC | sherold | |
| PnT Account Manager | 2018-01-30 23:55:13 UTC | CC | aortega | |
| PnT Account Manager | 2018-07-18 14:47:59 UTC | CC | rbalakri | |
| PnT Account Manager | 2018-11-05 22:41:53 UTC | CC | ylavi | |
| Gil Klein | 2019-04-14 12:34:13 UTC | CC | gklein | |
| Product Security DevOps Team | 2019-06-08 02:47:46 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2019-06-08 02:47:46 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=low,public=20160129,reported=20160125,source=researcher,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cwe=CWE-476,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-6/qemu-kvm-rhev=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,openstack-5/qemu-kvm-rhev=wontfix,openstack-6/qemu-kvm-rhev=wontfix,openstack-7/qemu-kvm-rhev=wontfix,openstack-8/qemu-kvm-rhev=wontfix,fedora-all/qemu=affected,fedora-all/xen=affected |
Back to bug 1301643