CVE-2016-6351

Published: 07/09/2016 Updated: 12/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.

Vulnerable Product

qemu qemu

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

debian debian linux 8.0

Vendor Advisories

USN-3047-1 introduced a regression in QEMU ...
Several security issues were fixed in QEMU ...
Debian Bug report logs - #837339 qemu: CVE-2016-7156: scsi: pvscsi: infinite loop when building SG list Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 10 Sep 2016 18:12:01 UTC Severity: normal Ta ...
Debian Bug report logs - #835031 qemu: CVE-2016-6835: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 21 Aug 2016 14:15: ...
Debian Bug report logs - #837174 qemu: CVE-2016-7155: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 9 Sep 2016 18:36:02 UT ...
Debian Bug report logs - #836502 qemu: CVE-2016-7116: 9p: directory traversal flaw in 9p virtio backend Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 3 Sep 2016 14:21:02 UTC Severity: normal Ta ...
Debian Bug report logs - #837603 qemu: CVE-2016-7157: mptsas: invalid memory access while building configuration pages Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 12 Sep 2016 19:18:19 UTC Seve ...
Debian Bug report logs - #832619 qemu: CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 27 Jul 2016 15:21:07 UTC ...
Debian Bug report logs - #834905 qemu: CVE-2016-6834: infinite loop during packet fragmentation Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Aug 2016 13:57:02 UTC Severity: normal Tags: pend ...
Debian Bug report logs - #832767 qemu: CVE-2016-6490: virtio: infinite loop in virtqueue_pop Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 28 Jul 2016 16:33:02 UTC Severity: important Tags: pend ...
Debian Bug report logs - #834944 qemu: CVE-2016-6836: Information leak in vmxnet3_complete_packet Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Aug 2016 20:00:01 UTC Severity: normal Tags: pe ...
Debian Bug report logs - #832621 qemu: CVE-2016-6351: scsi: esp: oob write access while reading ESP command Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 27 Jul 2016 16:03:02 UTC Severity: impor ...
Debian Bug report logs - #834902 qemu: CVE-2016-6888 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Aug 2016 13:33:05 UTC Severity: normal Tags: pending, security, upstream Found in version q ...
Debian Bug report logs - #834904 qemu: CVE-2016-6833: net: vmxnet3: use after free while writing Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Aug 2016 13:45:06 UTC Severity: important Tags: ...