CVE-2016-7423
Published: 10 October 2016
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
Priority
CVSS 3 base score: 4.4
Status
Package | Release | Status |
---|---|---|
qemu-kvm Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
qemu Launchpad, Ubuntu, Debian |
upstream |
Needed
|
precise |
Does not exist
|
|
trusty |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(code not present)
|
|
yakkety |
Released
(1:2.6.1+dfsg-0ubuntu5.1)
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5 |