
CVE-2016-2858

Published: 07 April 2016

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack-based allocation and memory corruption.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Released (1:2.5+dfsg-5ubuntu10.1)

Ubuntu 14.04 ESM (Trusty Tahr) Released (2.0.0+dfsg-2ubuntu1.24)

Patches:
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=3c52ddcdc548e7fbe65112d8a7bdc9cd105b4750 (bp1)
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=74074e8a7c60592cf1cc6469dbc2550d24aeded3 (bp2)
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=9f14b0add1dcdbfa2ee61051d068211fb0a1fcc9 (bp3)
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=443590c2044968a97f5e7cddd35100c6075856a4 (improve)
qemu-kvm
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist