CVE-2016-1922

Priority
Description
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit
Windows guests support is vulnerable to a null pointer dereference flaw. It
occurs while doing I/O port write operations via hmp interface. In that,
'current_cpu' remains null, which leads to the null pointer dereference. A
user or process could use this flaw to crash the QEMU instance, resulting
in DoS issue.
Assigned-to
mdeslaur
Notes
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needed
Ubuntu 14.04 ESM (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.22)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-1ubuntu5)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=4c1396cb576c9b14425558b73de1584c7a9735d7
Package
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-12-05 18:44:16 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)