Medium severity5.5NVD Advisory· Published Dec 29, 2016· Updated May 6, 2026

CVE-2016-2197

Description

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.htmlnvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2016/01/29/2nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/01/30/1nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/82235nvdThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201604-01nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue Tracking

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000