Back to search
CVE-2016-5338
Published: Jun 14, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-3047-1
vendor-advisory
x_refsource_UBUNTU
[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write
mailing-list
x_refsource_MLIST
[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO
mailing-list
x_refsource_MLIST
GLSA-201609-01
vendor-advisory
x_refsource_GENTOO
USN-3047-2
vendor-advisory
x_refsource_UBUNTU
91079
vdb-entry
x_refsource_BID
[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now