NVD

Id
20628  
Name
CVE-2016-5338  
Description
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.  
Reject
 
CVSS Version
2  
CVSS Score
4.6  
Severity
Medium  
CVSS Base Score
4.6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-06-14  
Modified Date
2016-11-28  
Seq
2016-5338  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
112896 20628 CVE-2016-5338 http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec  View
112897 20628 CVE-2016-5338 [oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO  View
112898 20628 CVE-2016-5338 [oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO  View
112899 20628 CVE-2016-5338 91079  View
112900 20628 CVE-2016-5338 USN-3047-1  View
112901 20628 CVE-2016-5338 USN-3047-2  View
112902 20628 CVE-2016-5338 [qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
2373 JVNDB-2016-003146 QEMU の hw/scsi/esp.c の esp_reg_read および esp_reg_write 関数におけるサービス運用妨害 (DoS) の脆弱性 QEMU の hw/scsi/esp.c の (1) esp_reg_read および (2) esp_reg_write 関数には、サービス運用妨害 (QEMU プロセスクラッシュ) 状態にされる、または QEMU ホスト上で任意のコードを実行される脆弱性が存在します。 CVE-2016-5338 91844 CVE-2016-5338 20628 4.6 7.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-003146.html 2016-06-06 2016-10-28 View