Medium severity5.5NVD Advisory· Published Dec 29, 2016· Updated May 6, 2026
CVE-2016-1922
CVE-2016-1922
Description
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.htmlnvdPatchVendor Advisory
- www.debian.org/security/2016/dsa-3469nvdThird Party Advisory
- www.debian.org/security/2016/dsa-3470nvdThird Party Advisory
- www.debian.org/security/2016/dsa-3471nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2016/01/16/1nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2016/01/16/6nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/81058nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- security.gentoo.org/glsa/201604-01nvdThird Party Advisory
News mentions
0No linked articles in our index yet.