PT-2016-6374 · Qemu+3 · Qemu+3

Li Qiang

Publicado

2016-06-14

Atualizado

2024-06-15

CVE-2016-5338

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to the esp reg read and esp reg write functions in the hw/scsi/esp.c file of QEMU, which can be exploited by local guest OS administrators. This can lead to a denial of service, causing the QEMU process to crash, or potentially allow the execution of arbitrary code on the QEMU host. The exploitation vectors are related to the information transfer buffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2017-1043

CVE-2016-5338

DLA-1599-1

OPENSUSE-SU-2016_2494-1

OPENSUSE-SU-2016_2497-1

OPENSUSE-SU-2016_2642-1

OPENSUSE-SU-2024:10196-1

OPENSUSE-SU-2024:10233-1

SUSE-SU-2016:2093-1

SUSE-SU-2016:2100-1

SUSE-SU-2016:2528-1

SUSE-SU-2016:2533-1

SUSE-SU-2016:2589-1

SUSE-SU-2016:2628-1

SUSE-SU-2016:2725-1

SUSE-SU-2016:2781-1

USN-3047-1

USN-3047-2

Produtos afetados

Alt Linux

Qemu

Suse

Ubuntu

PT-2016-6374 · Qemu+3 · Qemu+3

CVE-2016-5338

Identificadores relacionados

Produtos afetados

Referências · 495