CVE-2016-5403

Published: 02 August 2016

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: qemu (Launchpad, Ubuntu, Debian)
  Upstream: Needs triage
  Ubuntu 16.04 LTS (Xenial Xerus): Released (1:2.5+dfsg-5ubuntu10.6)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (2.0.0+dfsg-2ubuntu1.30)
  Patches:
    Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=afd9096eb1882f23929f5b5c177898ed231bac66
    Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=bccdef6b1a204db0f41ffb6e24ce373e4d7890d4
    Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=58a83c61496eeb0d31571a07a51bc1947e3379ac
    Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=4b7f91ed0270a371e1933efa21ba600b6da23ab9
    Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=104e70cae78bd4afd95d948c6aff188f10508a9c

Package: qemu-kvm (Launchpad, Ubuntu, Debian)
  Upstream: Needs triage
  Ubuntu 16.04 LTS (Xenial Xerus): Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Package: xen (Launchpad, Ubuntu, Debian)
  Upstream: Needs triage
  Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (uses system qemu)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [4.4.2-0ubuntu0.14.04.7])
  Binaries built from this source package are in Universe and so are supported by the community.

Notes

Author: mdeslaur
Note: the patch for this CVE introduced a regression and was later reverted pending investigation. See LP: #1612089. Proposed regression fixes:
http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg01038.html
http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02666.html
