vulnerability
Oracle Linux: CVE-2016-5126: ELSA-2016-1606: qemu-kvm security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:A/AC:L/Au:S/C:N/I:P/A:P) | May 24, 2016 | Nov 9, 2016 | Nov 29, 2024 |
Severity
4
CVSS
(AV:A/AC:L/Au:S/C:N/I:P/A:P)
Published
May 24, 2016
Added
Nov 9, 2016
Modified
Nov 29, 2024
Description
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.
Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.
Solution(s)
oracle-linux-upgrade-libcacardoracle-linux-upgrade-libcacard-develoracle-linux-upgrade-libcacard-toolsoracle-linux-upgrade-qemu-imgoracle-linux-upgrade-qemu-kvmoracle-linux-upgrade-qemu-kvm-commonoracle-linux-upgrade-qemu-kvm-tools
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.