Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Local
0

CVE-2016-1714

Disclosure Date: April 07, 2016
CVE-2016-1714 CVSS v3 Base Score: 8.1
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.1 High
Impact Score:
6
Exploitability Score:
1.4
Vector:
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • oracle,
  • qemu,
  • redhat

Products

  • linux 6,
  • linux 7,
  • openstack 5.0,
  • qemu

References

Canonical
CVE-2016-1714 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714)
BID-80250 (http://www.securityfocus.com/bid/80250)
Advisory
[oss-security] 20160112 Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations (http://www.openwall.com/lists/oss-security/2016/01/12/10)
http://rhn.redhat.com/errata/RHSA-2016-0083.html
http://rhn.redhat.com/errata/RHSA-2016-0085.html
http://rhn.redhat.com/errata/RHSA-2016-0086.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
[oss-security] 20160112 Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations (http://www.openwall.com/lists/oss-security/2016/01/12/11)
[oss-security] 20160111 CVE request Qemu: nvram: OOB r/w access in processing firmware configurations (http://www.openwall.com/lists/oss-security/2016/01/11/7)
SECTRACK-1034858 (http://www.securitytracker.com/id/1034858)
[Qemu-devel] 20160106 [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value (https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html)
http://rhn.redhat.com/errata/RHSA-2016-0081.html
GLSA-201604-01 (https://security.gentoo.org/glsa/201604-01)
DSA-3469 (http://www.debian.org/security/2016/dsa-3469)
DSA-3470 (http://www.debian.org/security/2016/dsa-3470)
http://rhn.redhat.com/errata/RHSA-2016-0082.html
http://rhn.redhat.com/errata/RHSA-2016-0087.html
http://rhn.redhat.com/errata/RHSA-2016-0084.html
DSA-3471 (http://www.debian.org/security/2016/dsa-3471)
http://rhn.redhat.com/errata/RHSA-2016-0088.html
Miscellaneous
https://access.redhat.com/errata/RHSA-2016:0084
https://access.redhat.com/errata/RHSA-2016:0086
https://access.redhat.com/errata/RHSA-2016:0087
https://access.redhat.com/errata/RHSA-2016:0088
https://access.redhat.com/errata/RHSA-2016:0081
https://access.redhat.com/errata/RHSA-2016:0082
https://access.redhat.com/errata/RHSA-2016:0083
https://access.redhat.com/errata/RHSA-2016:0085
https://access.redhat.com/security/cve/CVE-2016-1714
https://bugzilla.redhat.com/show_bug.cgi?id=1296060

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis