What is CVE-2016-9911?

CVE-2016-9911 is a medium-severity vulnerability in Qemu, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 6.5/10. Published 2016-12-23.

How severe is CVE-2016-9911?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Qemu

CVE-2016-9911

Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, re…

EPSS: 0.001 (24.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H.

Affected products

Qemu
Debian Debian_linux — versions 8.0
Redhat Enterprise_linux — versions 7.0
Redhat Openstack — versions 6.0, 7.0, 8
Redhat Virtualization — versions 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-772 — Missing Release of Resource after Effective Lifetime

References

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
94762 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
RHSA-2017:2392 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
GLSA-201701-49 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
RHSA-2017:2408 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2016-9911?: CVE-2016-9911 is a medium-severity vulnerability in Qemu, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 6.5/10. Published 2016-12-23.
How severe is CVE-2016-9911?: Medium severity. CVSS v3 base score is 6.5 out of 10.