Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6
CVSSv3

CVE-2016-4952

Published: 02/09/2016 Updated: 21/10/2020
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 6 | Impact Score: 4 | Exploitability Score: 1.5
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Qemu

Vulnerability Summary

QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

debian debian linux 8.0

Vendor Advisories

Ubuntu Security Notice: qemu, qemu-kvm regression
USN-3047-1 introduced a regression in QEMU ...
Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4020: i386: leakage of stack memory to guest in kvmvapic.c
Debian Bug report logs - #821062 qemu: CVE-2016-4020: i386: leakage of stack memory to guest in kvmvapicc Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 15 Apr 2016 04:57:01 UTC Severity: import ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4964: scsi: mptsas infinite loop in mptsas_fetch_requests
Debian Bug report logs - #825207 qemu: CVE-2016-4964: scsi: mptsas infinite loop in mptsas_fetch_requests Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 24 May 2016 14:42:01 UTC Severity: importa ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4002: net: buffer overflow in MIPSnet emulator
Debian Bug report logs - #821061 qemu: CVE-2016-4002: net: buffer overflow in MIPSnet emulator Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 15 Apr 2016 04:12:02 UTC Severity: important Tags: pa ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-5126: block: iscsi: buffer overflow in iscsi_aio_ioctl
Debian Bug report logs - #826151 qemu: CVE-2016-5126: block: iscsi: buffer overflow in iscsi_aio_ioctl Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Jun 2016 18:45:02 UTC Severity: important ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4952: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
Debian Bug report logs - #825210 qemu: CVE-2016-4952: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 24 May 2016 15:00 ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-5107: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function
Debian Bug report logs - #825616 qemu: CVE-2016-5107: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 May 2016 07:54:02 UTC ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-5105: scsi: megasas: stack information leakage while reading configuration
Debian Bug report logs - #825614 qemu: CVE-2016-5105: scsi: megasas: stack information leakage while reading configuration Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 May 2016 07:51:02 UTC ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-5337: scsi: megasas: information leakage in megasas_ctrl_get_info
Debian Bug report logs - #827026 qemu: CVE-2016-5337: scsi: megasas: information leakage in megasas_ctrl_get_info Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 11 Jun 2016 10:15:01 UTC Severity: ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-5338: scsi: esp: OOB r/w access while processing ESP_FIFO
Debian Bug report logs - #827024 qemu: CVE-2016-5338: scsi: esp: OOB r/w access while processing ESP_FIFO Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 11 Jun 2016 10:12:02 UTC Severity: normal ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4439 CVE-2016-4441
Debian Bug report logs - #824856 qemu: CVE-2016-4439 CVE-2016-4441 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 20 May 2016 13:21:07 UTC Severity: important Tags: patch, security, upstream Fou ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-5106: scsi: megasas: out-of-bounds write while setting controller properties
Debian Bug report logs - #825615 qemu: CVE-2016-5106: scsi: megasas: out-of-bounds write while setting controller properties Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 May 2016 07:51:09 UTC ...
Red Hat: CVE-2016-4952
Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus emulation support is vulnerable to an OOB r/w access issue It could occur while processing SCSI commands 'PVSCSI_CMD_SETUP_RINGS' or 'PVSCSI_CMD_SETUP_MSG_RING' A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS ...

Github Repositories

https://github.com/Resery/Learning_Record

在之后的学习中会记录自己每天花在虚拟化上的时间,以下图勉励自己,希望自己可以追赶上别人的步伐 写于20201214 虚拟化:32 hours 学习:64 hours Learning_Record 第一周 ( 2020629 - 202075 ) : STL(一) 弄完STL vector 补C++ 南大计算机基础 第二周 ( 2020706 - 2020712 ) : STL(二) 弄完STL list tr

References

CWE-787https://bugzilla.redhat.com/show_bug.cgi?id=1334384http://www.openwall.com/lists/oss-security/2016/05/23/4https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.htmlhttp://www.openwall.com/lists/oss-security/2016/05/23/1http://www.ubuntu.com/usn/USN-3047-1http://www.ubuntu.com/usn/USN-3047-2https://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlhttps://nvd.nist.govhttps://github.com/Resery/Learning_Recordhttps://usn.ubuntu.com/3047-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook