CVE-2016-5403 (retired)

Priority
Description
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest
OS administrators to cause a denial of service (memory consumption and QEMU
process crash) by submitting requests without waiting for completion.
Notes
 mdeslaur> the patch for this CVE introduced a regression and was later
 mdeslaur> reverted pending investigation. See LP: #1612089.
 mdeslaur> proposed regression fixes:
 mdeslaur> http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg01038.html
 mdeslaur> http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02666.html
Package
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): released (4.4.2-0ubuntu0.14.04.7)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system qemu)
Updated: 2019-03-26 12:22:10 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)