CVE-2016-7156

Published: 8 September 2016

The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.

Priority

CVSS 3 base score: 4.4

Status

Package	Release	Status
qemu-kvm Launchpad, Ubuntu, Debian	upstream	Needed
	precise	Not vulnerable (code not present)
	trusty	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
qemu Launchpad, Ubuntu, Debian	upstream	Needed
	precise	Does not exist
	trusty	Released (2.0.0+dfsg-2ubuntu1.30)
	xenial	Released (1:2.5+dfsg-5ubuntu10.6)
	yakkety	Released (1:2.6.1+dfsg-0ubuntu5.1)
	Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7156
http://www.openwall.com/lists/oss-security/2016/09/06/3
https://ubuntu.com/security/notices/USN-3125-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1373478
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837339

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›