VYPR
Get started
← All advisories
Medium severity6.0NVD Advisory· Published May 23, 2016· Updated May 6, 2026

CVE-2016-4037

CVE-2016-4037

Description

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

Affected products

12
  • Fedoraproject/Fedora3 versions
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • Canonical/Ubuntu Linux4 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • QEMU/Qemu4 versions
    cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*range: <=2.5.1
    • cpe:2.3:a:qemu:qemu:2.6.0:rc0:*:*:*:*:*:*
    • cpe:2.3:a:qemu:qemu:2.6.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:qemu:qemu:2.6.0:rc2:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.