Medium severity5.5NVD Advisory· Published Dec 29, 2016· Updated May 6, 2026

CVE-2016-2198

Description

QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.htmlnvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2016/01/29/6nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/01/30/2nvdMailing ListThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlnvdThird Party Advisory
security.gentoo.org/glsa/201604-01nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000