PT-2016-7654 · Qemu+3 · Qemu+3

Li Qiang

·

Published

2016-10-31

·

Updated

2024-06-15

·

CVE-2016-9105

CVSS v3.1

6.0

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions QEMU (aka Quick Emulator) versions prior to the fixed version
Description A memory leak issue exists in the v9fs link function, located in hw/9pfs/9p.c, allowing local guest OS administrators to cause a denial of service by consuming memory. This can be achieved through vectors involving a reference to the source fid object.
Recommendations For QEMU versions prior to the fixed version, update to the latest version to resolve the memory leak issue. As a temporary workaround, consider restricting access to the v9fs link function to minimize the risk of exploitation.

Fix

DoS

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

ALT-PU-2017-1043
CVE-2016-9105
DLA-1599-1
DLA-689-1
DLA-698-1
OPENSUSE-SU-2016_3103-1
OPENSUSE-SU-2024:11287-1
SUSE-SU-2016:2879-1
SUSE-SU-2016:2902-1
SUSE-SU-2016:2936-1
SUSE-SU-2016:2988-1
USN-3125-1

Affected Products

Alt Linux
Qemu
Suse
Ubuntu