CVE-2016-5403

Priority
Description
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest
OS administrators to cause a denial of service (memory consumption and QEMU
process crash) by submitting requests without waiting for completion.
Notes
mdeslaur: the patch for this CVE introduced a regression and was later
reverted pending investigation. See LP: #1612089.
proposed regression fixes:
http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg01038.html
http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02666.html
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [4.4.2-0ubuntu0.14.04.7])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system qemu)
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support

Updated: 2019-12-05 18:45:44 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)