Back to search
CVE-2016-9104
Published: Dec 9, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
93956
vdb-entry
x_refsource_BID
GLSA-201611-11
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2016:3237
vendor-advisory
x_refsource_SUSE
[oss-security] 20161030 Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access
mailing-list
x_refsource_MLIST
[oss-security] 20161028 CVE request Qemu: 9pfs: integer overflow leading to OOB access
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
mailing-list
x_refsource_MLIST
[qemu-devel] 20161013 Re: [PATCH v3 3/3] 9pfs: fix integer overflow issue in xattr read/write
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now