PT-2016-6374 · Qemu+3 · Qemu+3

Li Qiang

Published

2016-06-14

Updated

2024-06-15

CVE-2016-5338

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to the esp reg read and esp reg write functions in the hw/scsi/esp.c file of QEMU, which can be exploited by local guest OS administrators. This can lead to a denial of service, causing the QEMU process to crash, or potentially allow the execution of arbitrary code on the QEMU host. The exploitation vectors are related to the information transfer buffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2017-1043

CVE-2016-5338

DLA-1599-1

OPENSUSE-SU-2016_2494-1

OPENSUSE-SU-2016_2497-1

OPENSUSE-SU-2016_2642-1

OPENSUSE-SU-2024:10196-1

OPENSUSE-SU-2024:10233-1

SUSE-SU-2016:2093-1

SUSE-SU-2016:2100-1

SUSE-SU-2016:2528-1

SUSE-SU-2016:2533-1

SUSE-SU-2016:2589-1

SUSE-SU-2016:2628-1

SUSE-SU-2016:2725-1

SUSE-SU-2016:2781-1

USN-3047-1

USN-3047-2

Affected Products

Alt Linux

Qemu

Suse

Ubuntu

PT-2016-6374 · Qemu+3 · Qemu+3

CVE-2016-5338

Related Identifiers

Affected Products

References · 495