Medium severity4.4NVD Advisory· Published Oct 5, 2016· Updated May 6, 2026

CVE-2016-7909

Description

The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.htmlnvdMailing ListPatchVendor Advisory
lists.opensuse.org/opensuse-updates/2016-12/msg00140.htmlnvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/10/03/3nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/10/03/6nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/93275nvdThird Party AdvisoryVDB Entry
lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlnvdThird Party Advisory
security.gentoo.org/glsa/201611-11nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.286
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000