Back to search
CVE-2016-7423
Published: Oct 10, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-201611-11
vendor-advisory
x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1376776
x_refsource_CONFIRM
92997
vdb-entry
x_refsource_BID
[qemu-devel] 20160915 [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASRequest object
mailing-list
x_refsource_MLIST
[oss-security] 20160916 Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object
mailing-list
x_refsource_MLIST
[oss-security] 20160916 CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now