{
  "threat_severity" : "Moderate",
  "public_date" : "2016-07-27T00:00:00Z",
  "bugzilla" : {
    "description" : "Qemu: virtio: unbounded memory allocation on host via guest leading to DoS",
    "id" : "1358359",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1358359"
  },
  "cvss" : {
    "cvss_base_score" : "2.3",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
    "status" : "verified"
  },
  "details" : [ "The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.", "Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing each request allocates a VirtQueueElement, which results in unbounded memory allocation on the host that is controlled by the guest." ],
  "acknowledgement" : "Red Hat would like to thank hongzhenhao (Marvel Team) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-09-27T00:00:00Z",
    "advisory" : "RHSA-2016:1943",
    "cpe" : "cpe:/a:redhat:rhel_virtualization:5",
    "package" : "kvm-0:83-276.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-08-09T00:00:00Z",
    "advisory" : "RHSA-2016:1585",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "qemu-kvm-2:0.12.1.2-2.491.el6_8.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-08-11T00:00:00Z",
    "advisory" : "RHSA-2016:1606",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "qemu-kvm-10:1.5.3-105.el7_2.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
    "release_date" : "2016-08-23T00:00:00Z",
    "advisory" : "RHSA-2016:1652",
    "cpe" : "cpe:/a:redhat:openstack:5::el6",
    "package" : "qemu-kvm-rhev-2:0.12.1.2-2.491.el6_8.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
    "release_date" : "2016-08-23T00:00:00Z",
    "advisory" : "RHSA-2016:1655",
    "cpe" : "cpe:/a:redhat:openstack:5::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
    "release_date" : "2016-08-23T00:00:00Z",
    "advisory" : "RHSA-2016:1654",
    "cpe" : "cpe:/a:redhat:openstack:6::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
    "release_date" : "2016-08-23T00:00:00Z",
    "advisory" : "RHSA-2016:1653",
    "cpe" : "cpe:/a:redhat:openstack:7::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21"
  }, {
    "product_name" : "Red Hat OpenStack Platform 8.0 (Liberty)",
    "release_date" : "2016-08-24T00:00:00Z",
    "advisory" : "RHSA-2016:1756",
    "cpe" : "cpe:/a:redhat:openstack:8::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21"
  }, {
    "product_name" : "Red Hat OpenStack Platform 9.0 (Mitaka)",
    "release_date" : "2016-08-24T00:00:00Z",
    "advisory" : "RHSA-2016:1763",
    "cpe" : "cpe:/a:redhat:openstack:9::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2016-08-09T00:00:00Z",
    "advisory" : "RHSA-2016:1586",
    "cpe" : "cpe:/a:redhat:enterprise_linux:6::hypervisor",
    "package" : "qemu-kvm-rhev-2:0.12.1.2-2.491.el6_8.3"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7",
    "release_date" : "2016-08-12T00:00:00Z",
    "advisory" : "RHSA-2016:1607",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:10"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5403\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5403" ],
  "name" : "CVE-2016-5403",
  "csaw" : false
}