Errata ALT-PU-2016-1875-1: Information
Fixes
Published: June 16, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-2391
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
Severity: MEDIUM (5.0) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Links:
- USN-2974-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1304794
- [qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers
- [oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference
- 83263
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360
Published: June 2, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-5126
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [qemu-block] 20160524 [Qemu-block] [PATCH] block/iscsi: avoid potential overflow of acb->task->cdb
- [oss-security] 20160530 CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
- https://bugzilla.redhat.com/show_bug.cgi?id=1340924
- [oss-security] 20160530 Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
- USN-3047-1
- USN-3047-2
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- RHSA-2016:1654
- RHSA-2016:1653
- RHSA-2016:1655
- RHSA-2016:1763
- RHSA-2016:1607
- RHSA-2016:1606
- 90948
- RHSA-2016:1756
- GLSA-201609-01
- [debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
Published: Dec. 10, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-6490
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160728 Re: CVE Request Qemu: virtio: infinite loop in virtqueue_pop
- [oss-security] 20160728 CVE Request Qemu: virtio: infinite loop in virtqueue_pop
- [qemu-devel] 20160726 [PATCH] virtio: check vring descriptor buffer length
- GLSA-201609-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f