QEMU ne2000_receive Function Denial of Service Vulnerability (CVE-2016-2841)

QEMU ne2000_receive Function Denial of Service Vulnerability (CVE-2016-2841)
QEMU ne2000_receive Function Denial of Service Vulnerability (CVE-2016-2841)

Release date:
Updated on:

Affected Systems:

QEMU <2.5.1
QEMU

Description:

CVE (CAN) ID: CVE-2016-2841

QEMU is an open source simulator software.

In versions earlier than QEMU 2.5.1, The hw/net/ne2000.c/ne2000_receive function has a security vulnerability. By constructing the PSTARTPSTOP register value, the local client system administrator can exploit this vulnerability to cause DOS.

<* Source: Hongke Yang
*>

Suggestion:

Vendor patch:

QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://git.qemu.org /? P = qemu. git; a = commit; h = maid

Http://www.ubuntu.com/usn/USN-2974-1

Https://bugzilla.redhat.com/show_bug.cgi? Id = 1303106

Use KVM + Qemu to build a virtual machine in Ubuntu

Linux getting started Tutorial: QEMU for Virtual Machine experience

Ubuntu 12.04 cannot find the Qemu command

Install QEMU + efi bios on Arch Linux

QEMU translation framework and debugging tools

QEMU code analysis: BIOS loading process

QEMU details: click here
QEMU: click here

This article permanently updates the link address: