NVD

Id
21840  
Name
CVE-2016-7423  
Description
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2016-10-10  
Modified Date
2016-10-12  
Seq
2016-7423  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
117115 21840 CVE-2016-7423 http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5  View
117116 21840 CVE-2016-7423 [oss-security] 20160916 Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object  View
117117 21840 CVE-2016-7423 [oss-security] 20160916 CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object  View
117118 21840 CVE-2016-7423 92997  View
117119 21840 CVE-2016-7423 https://bugzilla.redhat.com/show_bug.cgi?id=1376776  View
117120 21840 CVE-2016-7423 [qemu-devel] 20160915 [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASRequest object  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
4635 JVNDB-2016-005408 QEMU の mptsas_process_scsi_io_request 関数におけるサービス運用妨害 (DoS) の脆弱性 QEMU (別名 Quick Emulator) の mptsas_process_scsi_io_request 関数には、LSI SAS1068 Host Bus エミュレーションサポートを伴ってビルドされている場合、サービス運用妨害 (境界外書き込みおよび QEMU プロセスクラッシュ) 状態にされる脆弱性が存在します。 CVE-2016-7423 93930 CVE-2016-7423 21840 2.1 4.4 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-005408.html 2016-09-14 2016-10-19 View