{"id":"USN-3125-1","summary":"qemu, qemu-kvm vulnerabilities","details":"Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\nconsume resources, resulting in a denial of service. (CVE-2016-5403)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network\ncard emulation support. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-6833, CVE-2016-6834, CVE-2016-6888)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network\ncard emulation support. A privileged attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of service, or\npossibly execute arbitrary code on the host. In the default installation,\nwhen QEMU is used with libvirt, attackers would be isolated by the libvirt\nAppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04\nLTS and Ubuntu 16.10. (CVE-2016-6835)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network\ncard emulation support. A privileged attacker inside the guest could use\nthis issue to possibly to obtain sensitive host memory. This issue only\naffected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-6836)\n\nFelix Wilhelm discovered that QEMU incorrectly handled Plan 9 File System\n(9pfs) support. A privileged attacker inside the guest could use this issue\nto possibly to obtain sensitive host files. (CVE-2016-7116)\n\nLi Qiang and Tom Victor discovered that QEMU incorrectly handled VMWARE\nPVSCSI paravirtual SCSI bus emulation support. A privileged attacker inside\nthe guest could use this issue to cause QEMU to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04\nLTS and Ubuntu 16.10. (CVE-2016-7155)\n\nLi Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual\nSCSI bus emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu\n16.10. (CVE-2016-7156, CVE-2016-7421)\n\nTom Victor discovered that QEMU incorrectly handled LSI SAS1068 host bus\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.10. (CVE-2016-7157)\n\nHu Chaojian discovered that QEMU incorrectly handled xlnx.xps-ethernetlite\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service, or possibly\nexecute arbitrary code on the host. In the default installation, when QEMU\nis used with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2016-7161)\n\nQinghao Tang and Li Qiang discovered that QEMU incorrectly handled the\nVMWare VGA module. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-7170)\n\nQinghao Tang and Zhenhao Hong discovered that QEMU incorrectly handled the\nVirtio module. A privileged attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.10. (CVE-2016-7422)\n\nLi Qiang discovered that QEMU incorrectly handled LSI SAS1068 host bus\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.10. (CVE-2016-7423)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7466)\n\nLi Qiang discovered that QEMU incorrectly handled ColdFire Fast Ethernet\nController emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-7908)\n\nLi Qiang discovered that QEMU incorrectly handled AMD PC-Net II emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-7909)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU support. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\nconsume resources, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7994)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources, resulting in a denial of service. This\nissue only affected Ubuntu 16.10. (CVE-2016-7995)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-8576)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-8577, CVE-2016-8578)\n\nIt was discovered that QEMU incorrectly handled Rocker switch emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8668)\n\nIt was discovered that QEMU incorrectly handled Intel HDA controller\nemulation support. A privileged attacker inside the guest could use this\nissue to cause QEMU to consume resources, resulting in a denial of service.\n(CVE-2016-8909)\n\nAndrew Henderson discovered that QEMU incorrectly handled RTL8139 ethernet\ncontroller emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to consume resources, resulting in a denial of\nservice. (CVE-2016-8910)\n\nLi Qiang discovered that QEMU incorrectly handled Intel i8255x ethernet\ncontroller emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to consume resources, resulting in a denial of\nservice. (CVE-2016-9101)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources, resulting in a denial of service.\n(CVE-2016-9102, CVE-2016-9104, CVE-2016-9105)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\npossibly to obtain sensitive host memory. (CVE-2016-9103)\n\nLi Qiang discovered that QEMU incorrectly handled Plan 9 File System (9pfs)\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.\n(CVE-2016-9106)\n","modified":"2026-02-10T04:41:03Z","published":"2016-11-09T18:30:00Z","related":["UBUNTU-CVE-2016-5403","UBUNTU-CVE-2016-6833","UBUNTU-CVE-2016-6834","UBUNTU-CVE-2016-6835","UBUNTU-CVE-2016-6836","UBUNTU-CVE-2016-6888","UBUNTU-CVE-2016-7116","UBUNTU-CVE-2016-7155","UBUNTU-CVE-2016-7156","UBUNTU-CVE-2016-7161","UBUNTU-CVE-2016-7170","UBUNTU-CVE-2016-7421","UBUNTU-CVE-2016-7466","UBUNTU-CVE-2016-7908","UBUNTU-CVE-2016-7909","UBUNTU-CVE-2016-7994","UBUNTU-CVE-2016-8576","UBUNTU-CVE-2016-8577","UBUNTU-CVE-2016-8578","UBUNTU-CVE-2016-8668","UBUNTU-CVE-2016-8909","UBUNTU-CVE-2016-8910","UBUNTU-CVE-2016-9101","UBUNTU-CVE-2016-9102","UBUNTU-CVE-2016-9103","UBUNTU-CVE-2016-9104","UBUNTU-CVE-2016-9105","UBUNTU-CVE-2016-9106"],"upstream":["CVE-2016-5403","CVE-2016-6833","CVE-2016-6834","CVE-2016-6835","CVE-2016-6836","CVE-2016-6888","CVE-2016-7116","CVE-2016-7155","CVE-2016-7156","CVE-2016-7161","CVE-2016-7170","CVE-2016-7421","CVE-2016-7466","CVE-2016-7908","CVE-2016-7909","CVE-2016-7994","CVE-2016-8576","CVE-2016-8577","CVE-2016-8578","CVE-2016-8668","CVE-2016-8909","CVE-2016-8910","CVE-2016-9101","CVE-2016-9102","CVE-2016-9103","CVE-2016-9104","CVE-2016-9105","CVE-2016-9106","UBUNTU-CVE-2016-5403","UBUNTU-CVE-2016-6833","UBUNTU-CVE-2016-6834","UBUNTU-CVE-2016-6835","UBUNTU-CVE-2016-6836","UBUNTU-CVE-2016-6888","UBUNTU-CVE-2016-7116","UBUNTU-CVE-2016-7155","UBUNTU-CVE-2016-7156","UBUNTU-CVE-2016-7157","UBUNTU-CVE-2016-7161","UBUNTU-CVE-2016-7170","UBUNTU-CVE-2016-7421","UBUNTU-CVE-2016-7422","UBUNTU-CVE-2016-7423","UBUNTU-CVE-2016-7466","UBUNTU-CVE-2016-7908","UBUNTU-CVE-2016-7909","UBUNTU-CVE-2016-7994","UBUNTU-CVE-2016-7995","UBUNTU-CVE-2016-8576","UBUNTU-CVE-2016-8577","UBUNTU-CVE-2016-8578","UBUNTU-CVE-2016-8668","UBUNTU-CVE-2016-8909","UBUNTU-CVE-2016-8910","UBUNTU-CVE-2016-9101","UBUNTU-CVE-2016-9102","UBUNTU-CVE-2016-9103","UBUNTU-CVE-2016-9104","UBUNTU-CVE-2016-9105","UBUNTU-CVE-2016-9106"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3125-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5403"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6833"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6834"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6835"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6836"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6888"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7116"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7156"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7157"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7161"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7170"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7421"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7422"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7423"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7466"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7908"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7909"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7994"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7995"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8576"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8577"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8578"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8668"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8909"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8910"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9101"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9102"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9103"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9104"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9105"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9106"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.30?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+dfsg-2ubuntu1.30"}]}],"versions":["1.5.0+dfsg-3ubuntu5","1.5.0+dfsg-3ubuntu6","1.6.0+dfsg-2ubuntu1","1.6.0+dfsg-2ubuntu2","1.6.0+dfsg-2ubuntu3","1.6.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu1","1.7.0+dfsg-2ubuntu2","1.7.0+dfsg-2ubuntu3","1.7.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu5","1.7.0+dfsg-2ubuntu7","1.7.0+dfsg-2ubuntu8","1.7.0+dfsg-2ubuntu9","1.7.0+dfsg-3ubuntu1~ppa1","1.7.0+dfsg-3ubuntu1","1.7.0+dfsg-3ubuntu2","1.7.0+dfsg-3ubuntu3","1.7.0+dfsg-3ubuntu4","1.7.0+dfsg-3ubuntu5","1.7.0+dfsg-3ubuntu6","1.7.0+dfsg-3ubuntu7","2.0.0~rc1+dfsg-0ubuntu1","2.0.0~rc1+dfsg-0ubuntu2","2.0.0~rc1+dfsg-0ubuntu3","2.0.0~rc1+dfsg-0ubuntu3.1","2.0.0+dfsg-2ubuntu1","2.0.0+dfsg-2ubuntu1.1","2.0.0+dfsg-2ubuntu1.2","2.0.0+dfsg-2ubuntu1.3","2.0.0+dfsg-2ubuntu1.5","2.0.0+dfsg-2ubuntu1.6","2.0.0+dfsg-2ubuntu1.7","2.0.0+dfsg-2ubuntu1.8","2.0.0+dfsg-2ubuntu1.9","2.0.0+dfsg-2ubuntu1.10","2.0.0+dfsg-2ubuntu1.11","2.0.0+dfsg-2ubuntu1.13","2.0.0+dfsg-2ubuntu1.14","2.0.0+dfsg-2ubuntu1.15","2.0.0+dfsg-2ubuntu1.16","2.0.0+dfsg-2ubuntu1.17","2.0.0+dfsg-2ubuntu1.18","2.0.0+dfsg-2ubuntu1.19","2.0.0+dfsg-2ubuntu1.20","2.0.0+dfsg-2ubuntu1.21","2.0.0+dfsg-2ubuntu1.22","2.0.0+dfsg-2ubuntu1.24","2.0.0+dfsg-2ubuntu1.25","2.0.0+dfsg-2ubuntu1.26","2.0.0+dfsg-2ubuntu1.27","2.0.0+dfsg-2ubuntu1.28","2.0.0+dfsg-2ubuntu1.29"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-guest-agent"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-keymaps"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-kvm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-aarch64"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-arm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-mips"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-misc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-ppc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-sparc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-system-x86"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-user"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-user-static"},{"binary_version":"2.0.0+dfsg-2ubuntu1.30","binary_name":"qemu-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3125-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5403"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6833"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6834"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-6835"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6836"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6888"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7116"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7155"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7156"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-7161"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7170"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7421"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-7908"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7909"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8576"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8577"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8578"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8909"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8910"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9101"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9102"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-9103"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9104"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9105"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9106"}]}}},{"package":{"name":"qemu","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.6?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.5+dfsg-5ubuntu10.6"}]}],"versions":["1:2.3+dfsg-5ubuntu9","1:2.3+dfsg-5ubuntu10","1:2.4+dfsg-4ubuntu1","1:2.4+dfsg-4ubuntu2","1:2.4+dfsg-4ubuntu3","1:2.4+dfsg-5ubuntu3","1:2.5+dfsg-1ubuntu2","1:2.5+dfsg-1ubuntu3","1:2.5+dfsg-1ubuntu4","1:2.5+dfsg-1ubuntu5","1:2.5+dfsg-5ubuntu1","1:2.5+dfsg-5ubuntu2","1:2.5+dfsg-5ubuntu4","1:2.5+dfsg-5ubuntu6","1:2.5+dfsg-5ubuntu7","1:2.5+dfsg-5ubuntu10","1:2.5+dfsg-5ubuntu10.1","1:2.5+dfsg-5ubuntu10.2","1:2.5+dfsg-5ubuntu10.3","1:2.5+dfsg-5ubuntu10.4","1:2.5+dfsg-5ubuntu10.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-block-extra"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-guest-agent"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-kvm"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-aarch64"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-arm"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-common"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-mips"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-misc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-ppc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-s390x"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-sparc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-system-x86"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-user"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-user-binfmt"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-user-static"},{"binary_version":"1:2.5+dfsg-5ubuntu10.6","binary_name":"qemu-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3125-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5403"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6833"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6834"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-6835"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6836"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6888"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7116"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7155"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7156"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-7161"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7170"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7421"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7466"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-7908"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7909"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-7994"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8576"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8577"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8578"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8668"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8909"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-8910"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9101"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9102"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-9103"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9104"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9105"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-9106"}]}}}],"schema_version":"1.7.3"}