vulnerability

F5 Networks: K75248350 (CVE-2016-1714): QEMU vulnerability CVE-2016-1714

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Apr 7, 2016	Feb 16, 2017	Mar 3, 2020

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Apr 7, 2016

Added

Feb 16, 2017

Modified

Mar 3, 2020

Description

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.

Solution

f5-big-ip-upgrade-latest

References

https://support.f5.com/csp/article/K75248350
DEBIAN-DSA-3469
DEBIAN-DSA-3470
DEBIAN-DSA-3471
NVD-CVE-2016-1714
UBUNTU-USN-2891-1

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report