NVD

Id
20457  
Name
CVE-2016-5106  
Description
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.  
Reject
 
CVSS Version
2  
CVSS Score
1.5  
Severity
Low  
CVSS Base Score
1.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
2.7  
CVSS Vector
(AV:L/AC:M/Au:S/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2016-09-02  
Modified Date
2016-09-09  
Seq
2016-5106  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
111819 20457 CVE-2016-5106 [oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties  View
111820 20457 CVE-2016-5106 [oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties  View
111821 20457 CVE-2016-5106 USN-3047-1  View
111822 20457 CVE-2016-5106 USN-3047-2  View
111823 20457 CVE-2016-5106 https://bugzilla.redhat.com/show_bug.cgi?id=1339578  View
111824 20457 CVE-2016-5106 [qemu-devel] 20160525 [Qemu-devel] [PATCH 1/3] scsi: megasas: use appropriate property buffer  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3752 JVNDB-2016-004525 QEMU の hw/scsi/megasas.c の megasas_dcmd_set_properties 関数におけるサービス運用妨害 (DoS) の脆弱性 QEMU (別名 Quick Emulator) の hw/scsi/megasas.c の megasas_dcmd_set_properties 関数には、MegaRAID SAS 8708EM2 ホストバスアダプタのエミュレーションサポートを伴いビルドされている場合、サービス運用妨害 (境界外書き込みアクセス) 状態にされる脆弱性が存在します。 CVE-2016-5106 91612 CVE-2016-5106 20457 1.5 5.3 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004525.html 2016-05-25 2016-10-28 View