CVE-2016-4439
Published: May 20, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| USN-3047-1 | vendor-advisory | x_refsource_UBUNTU |
| 90760 | vdb-entry | x_refsource_BID |
| GLSA-201609-01 | vendor-advisory | x_refsource_GENTOO |
| USN-3047-2 | vendor-advisory | x_refsource_UBUNTU |
| [qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439) | mailing-list | x_refsource_MLIST |
| [oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write | mailing-list | x_refsource_MLIST |
| [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update | mailing-list | x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1337502 | | x_refsource_CONFIRM |