NVD

Id
20390  
Name
CVE-2016-4952  
Description
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.  
Reject
 
CVSS Version
2  
CVSS Score
1.5  
Severity
Low  
CVSS Base Score
1.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
2.7  
CVSS Vector
(AV:L/AC:M/Au:S/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2016-09-02  
Modified Date
2016-09-09  
Seq
2016-4952  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
111440 20390 CVE-2016-4952 [oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines  View
111441 20390 CVE-2016-4952 [oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines  View
111442 20390 CVE-2016-4952 USN-3047-1  View
111443 20390 CVE-2016-4952 USN-3047-2  View
111444 20390 CVE-2016-4952 https://bugzilla.redhat.com/show_bug.cgi?id=1334384  View
111445 20390 CVE-2016-4952 [qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3750 JVNDB-2016-004523 QEMU におけるサービス運用妨害 (DoS) の脆弱性 QEMU (別名 Quick Emulator) には、VMware 準仮想化 SCSI (PVSCSI) バスのエミュレーションサポートを伴いビルドされている場合、サービス運用妨害 (配列の境界外アクセス) 状態にされる脆弱性が存在します。 CVE-2016-4952 91458 CVE-2016-4952 20390 1.5 5.3 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004523.html 2016-05-23 2016-10-28 View