CVE-2016-2858

Published: Apr 7, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20160306 Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1314676

x_refsource_CONFIRM

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956

x_refsource_CONFIRM

GLSA-201604-01

vendor-advisory

x_refsource_GENTOO

84134

vdb-entry

x_refsource_BID

USN-2974-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20160304 CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-2858

Description

Affected Products

References