CVE-2016-6836 in Ubuntu

CVE-2016-6836

Priority

Description

The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick
Emulator) allows local guest OS administrators to obtain sensitive host
memory information by leveraging failure to initialize the txcq_descr
object.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6836
http://www.openwall.com/lists/oss-security/2016/08/11/5
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
https://usn.ubuntu.com/usn/usn-3125-1

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1366369
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834944

Notes

Package

Source: qemu (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	released (2.0.0+dfsg-2ubuntu1.30)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1:2.5+dfsg-5ubuntu10.6)

Patches:

Upstream:

http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf

Package

Source: qemu-kvm (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

More Information

Updated: 2019-12-05 18:46:02 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)