{"id":"USN-3261-1","summary":"qemu vulnerabilities","details":"Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU\ndevice. An attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)\n\nLi Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-10155)\n\nLi Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)\n\nIt was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8667)\n\nIt was discovered that QEMU incorrectly handled the 16550A UART device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2016-8669)\n\nIt was discovered that QEMU incorrectly handled the shared rings when used\nwith Xen. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. (CVE-2016-9381)\n\nJann Horn discovered that QEMU incorrectly handled VirtFS directory\nsharing. A privileged attacker inside the guest could use this issue to\naccess files on the host file system outside of the shared directory and\npossibly escalate their privileges. In the default installation, when QEMU\nis used with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. (CVE-2016-9602)\n\nGerd Hoffmann discovered that QEMU incorrectly handled the Cirrus VGA\ndevice when being used with a VNC connection. A privileged attacker inside\nthe guest could use this issue to cause QEMU to crash, resulting in a\ndenial of service, or possibly execute arbitrary code on the host. In the\ndefault installation, when QEMU is used with libvirt, attackers would be\nisolated by the libvirt AppArmor profile. (CVE-2016-9603)\n\nIt was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet\nController. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An\nattacker inside the guest could use this issue to cause QEMU to leak\ncontents of host memory. This issue only affected Ubuntu 16.04 LTS and\nUbuntu 16.10. (CVE-2016-9845, CVE-2016-9908)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS\nand Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552,\nCVE-2017-5578, CVE-2017-5857)\n\nLi Qiang discovered that QEMU incorrectly handled the USB redirector. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04 LTS\nand Ubuntu 16.10. (CVE-2016-9907)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2016-9911)\n\nLi Qiang discovered that QEMU incorrectly handled VirtFS directory sharing.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914,\nCVE-2016-9915, CVE-2016-9916)\n\nQinghao Tang, Li Qiang, and Jiangxin discovered that QEMU incorrectly\nhandled the Cirrus VGA device. A privileged attacker inside the guest could\nuse this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2016-9921, CVE-2016-9922)\n\nWjjzhang and Li Qiang discovered that QEMU incorrectly handled the Cirrus\nVGA device. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service, or possibly execute\narbitrary code on the host. In the default installation, when QEMU is used\nwith libvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-2615)\n\nIt was discovered that QEMU incorrectly handled the Cirrus VGA device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service, or possibly execute arbitrary code\non the host. In the default installation, when QEMU is used with libvirt,\nattackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-2620)\n\nIt was discovered that QEMU incorrectly handled VNC connections. An\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2017-2633)\n\nLi Qiang discovered that QEMU incorrectly handled the ac97 audio device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2017-5525)\n\nLi Qiang discovered that QEMU incorrectly handled the es1370 audio device.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2017-5526)\n\nLi Qiang discovered that QEMU incorrectly handled the 16550A UART device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2017-5579)\n\nJiang Xin discovered that QEMU incorrectly handled SDHCI device emulation.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode on the host. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile.\n(CVE-2017-5667)\n\nLi Qiang discovered that QEMU incorrectly handled the MegaRAID SAS device.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2017-5856)\n\nLi Qiang discovered that QEMU incorrectly handled the CCID Card device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2017-5898)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI controller\nemulation. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-5973)\n\nJiang Xin and Wjjzhang discovered that QEMU incorrectly handled SDHCI\ndevice emulation. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-5987)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI controller\nemulation. A privileged attacker inside the guest could use this issue to\ncause QEMU to hang, resulting in a denial of service. (CVE-2017-6505)\n","modified":"2026-02-10T04:41:06Z","published":"2017-04-20T18:33:13Z","related":["UBUNTU-CVE-2016-10028","UBUNTU-CVE-2016-10029","UBUNTU-CVE-2016-10155","UBUNTU-CVE-2016-7907","UBUNTU-CVE-2016-8667","UBUNTU-CVE-2016-8669","UBUNTU-CVE-2016-9381","UBUNTU-CVE-2016-9602","UBUNTU-CVE-2016-9603","UBUNTU-CVE-2016-9776","UBUNTU-CVE-2016-9845","UBUNTU-CVE-2016-9846","UBUNTU-CVE-2016-9907","UBUNTU-CVE-2016-9908","UBUNTU-CVE-2016-9911","UBUNTU-CVE-2016-9912","UBUNTU-CVE-2016-9913","UBUNTU-CVE-2016-9914","UBUNTU-CVE-2016-9915","UBUNTU-CVE-2016-9916","UBUNTU-CVE-2016-9921","UBUNTU-CVE-2016-9922","UBUNTU-CVE-2017-2615","UBUNTU-CVE-2017-2620","UBUNTU-CVE-2017-2633","UBUNTU-CVE-2017-5525","UBUNTU-CVE-2017-5526","UBUNTU-CVE-2017-5552","UBUNTU-CVE-2017-5578","UBUNTU-CVE-2017-5579","UBUNTU-CVE-2017-5667","UBUNTU-CVE-2017-5856","UBUNTU-CVE-2017-5857","UBUNTU-CVE-2017-5898","UBUNTU-CVE-2017-5973","UBUNTU-CVE-2017-5987","UBUNTU-CVE-2017-6505"],"upstream":["CVE-2016-10028","CVE-2016-10029","CVE-2016-10155","CVE-2016-7907","CVE-2016-8667","CVE-2016-8669","CVE-2016-9381","CVE-2016-9602","CVE-2016-9603","CVE-2016-9776","CVE-2016-9845","CVE-2016-9846","CVE-2016-9907","CVE-2016-9908","CVE-2016-9911","CVE-2016-9912","CVE-2016-9913","CVE-2016-9914","CVE-2016-9915","CVE-2016-9916","CVE-2016-9921","CVE-2016-9922","CVE-2017-2615","CVE-2017-2620","CVE-2017-2633","CVE-2017-5525","CVE-2017-5526","CVE-2017-5552","CVE-2017-5578","CVE-2017-5579","CVE-2017-5667","CVE-2017-5856","CVE-2017-5857","CVE-2017-5898","CVE-2017-5973","CVE-2017-5987","CVE-2017-6505","UBUNTU-CVE-2016-10028","UBUNTU-CVE-2016-10029","UBUNTU-CVE-2016-10155","UBUNTU-CVE-2016-7907","UBUNTU-CVE-2016-8667","UBUNTU-CVE-2016-8669","UBUNTU-CVE-2016-9381","UBUNTU-CVE-2016-9602","UBUNTU-CVE-2016-9603","UBUNTU-CVE-2016-9776","UBUNTU-CVE-2016-9845","UBUNTU-CVE-2016-9846","UBUNTU-CVE-2016-9907","UBUNTU-CVE-2016-9908","UBUNTU-CVE-2016-9911","UBUNTU-CVE-2016-9912","UBUNTU-CVE-2016-9913","UBUNTU-CVE-2016-9914","UBUNTU-CVE-2016-9915","UBUNTU-CVE-2016-9916","UBUNTU-CVE-2016-9921","UBUNTU-CVE-2016-9922","UBUNTU-CVE-2017-2615","UBUNTU-CVE-2017-2620","UBUNTU-CVE-2017-2633","UBUNTU-CVE-2017-5525","UBUNTU-CVE-2017-5526","UBUNTU-CVE-2017-5552","UBUNTU-CVE-2017-5578","UBUNTU-CVE-2017-5579","UBUNTU-CVE-2017-5667","UBUNTU-CVE-2017-5856","UBUNTU-CVE-2017-5857","UBUNTU-CVE-2017-5898","UBUNTU-CVE-2017-5973","UBUNTU-CVE-2017-5987","UBUNTU-CVE-2017-6505"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3261-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7907"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8667"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8669"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9381"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9602"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9603"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9776"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9845"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9846"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9907"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9908"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9911"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9912"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9913"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9914"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9915"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9916"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9921"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9922"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10028"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10029"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-2615"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-2620"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-2633"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5525"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5526"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5552"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5578"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5579"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5667"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5856"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5857"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5898"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5973"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5987"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6505"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.33?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+dfsg-2ubuntu1.33"}]}],"versions":["1.5.0+dfsg-3ubuntu5","1.5.0+dfsg-3ubuntu6","1.6.0+dfsg-2ubuntu1","1.6.0+dfsg-2ubuntu2","1.6.0+dfsg-2ubuntu3","1.6.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu1","1.7.0+dfsg-2ubuntu2","1.7.0+dfsg-2ubuntu3","1.7.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu5","1.7.0+dfsg-2ubuntu7","1.7.0+dfsg-2ubuntu8","1.7.0+dfsg-2ubuntu9","1.7.0+dfsg-3ubuntu1~ppa1","1.7.0+dfsg-3ubuntu1","1.7.0+dfsg-3ubuntu2","1.7.0+dfsg-3ubuntu3","1.7.0+dfsg-3ubuntu4","1.7.0+dfsg-3ubuntu5","1.7.0+dfsg-3ubuntu6","1.7.0+dfsg-3ubuntu7","2.0.0~rc1+dfsg-0ubuntu1","2.0.0~rc1+dfsg-0ubuntu2","2.0.0~rc1+dfsg-0ubuntu3","2.0.0~rc1+dfsg-0ubuntu3.1","2.0.0+dfsg-2ubuntu1","2.0.0+dfsg-2ubuntu1.1","2.0.0+dfsg-2ubuntu1.2","2.0.0+dfsg-2ubuntu1.3","2.0.0+dfsg-2ubuntu1.5","2.0.0+dfsg-2ubuntu1.6","2.0.0+dfsg-2ubuntu1.7","2.0.0+dfsg-2ubuntu1.8","2.0.0+dfsg-2ubuntu1.9","2.0.0+dfsg-2ubuntu1.10","2.0.0+dfsg-2ubuntu1.11","2.0.0+dfsg-2ubuntu1.13","2.0.0+dfsg-2ubuntu1.14","2.0.0+dfsg-2ubuntu1.15","2.0.0+dfsg-2ubuntu1.16","2.0.0+dfsg-2ubuntu1.17","2.0.0+dfsg-2ubuntu1.18","2.0.0+dfsg-2ubuntu1.19","2.0.0+dfsg-2ubuntu1.20","2.0.0+dfsg-2ubuntu1.21","2.0.0+dfsg-2ubuntu1.22","2.0.0+dfsg-2ubuntu1.24","2.0.0+dfsg-2ubuntu1.25","2.0.0+dfsg-2ubuntu1.26","2.0.0+dfsg-2ubuntu1.27","2.0.0+dfsg-2ubuntu1.28","2.0.0+dfsg-2ubuntu1.29","2.0.0+dfsg-2ubuntu1.30","2.0.0+dfsg-2ubuntu1.31","2.0.0+dfsg-2ubuntu1.32"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-guest-agent"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-keymaps"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-kvm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-aarch64"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-arm"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-common"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-mips"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-misc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-ppc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-sparc"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-system-x86"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-user"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-user-static"},{"binary_version":"2.0.0+dfsg-2ubuntu1.33","binary_name":"qemu-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3261-1.json","cves_map":{"cves":[{"id":"CVE-2016-8667","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-8669","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9381","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-9602","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-9603","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-9776","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9911","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9913","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9914","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9915","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9916","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9921","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9922","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-10155","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-2615","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-2620","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-2633","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-5525","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5526","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5579","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5667","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-5856","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5898","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-5973","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5987","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-6505","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}},{"package":{"name":"qemu","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.11?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.5+dfsg-5ubuntu10.11"}]}],"versions":["1:2.3+dfsg-5ubuntu9","1:2.3+dfsg-5ubuntu10","1:2.4+dfsg-4ubuntu1","1:2.4+dfsg-4ubuntu2","1:2.4+dfsg-4ubuntu3","1:2.4+dfsg-5ubuntu3","1:2.5+dfsg-1ubuntu2","1:2.5+dfsg-1ubuntu3","1:2.5+dfsg-1ubuntu4","1:2.5+dfsg-1ubuntu5","1:2.5+dfsg-5ubuntu1","1:2.5+dfsg-5ubuntu2","1:2.5+dfsg-5ubuntu4","1:2.5+dfsg-5ubuntu6","1:2.5+dfsg-5ubuntu7","1:2.5+dfsg-5ubuntu10","1:2.5+dfsg-5ubuntu10.1","1:2.5+dfsg-5ubuntu10.2","1:2.5+dfsg-5ubuntu10.3","1:2.5+dfsg-5ubuntu10.4","1:2.5+dfsg-5ubuntu10.5","1:2.5+dfsg-5ubuntu10.6","1:2.5+dfsg-5ubuntu10.7","1:2.5+dfsg-5ubuntu10.8","1:2.5+dfsg-5ubuntu10.9","1:2.5+dfsg-5ubuntu10.10"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-block-extra"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-guest-agent"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-kvm"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-aarch64"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-arm"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-common"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-mips"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-misc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-ppc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-s390x"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-sparc"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-system-x86"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-user"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-user-binfmt"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-user-static"},{"binary_version":"1:2.5+dfsg-5ubuntu10.11","binary_name":"qemu-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3261-1.json","cves_map":{"cves":[{"id":"CVE-2016-7907","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-8667","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-8669","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9381","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-9602","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-9603","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-9776","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9845","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9846","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9907","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9908","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9911","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9912","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9913","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9914","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9915","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9916","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9921","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-9922","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-10028","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-10029","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-10155","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-2615","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-2620","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-5525","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5526","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5552","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5578","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5579","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5667","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-5856","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5857","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5898","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2017-5973","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-5987","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-6505","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.3"}