CVE-2016-7157

Published: 08 September 2016

The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.

Priority

Low

CVSS 3 base score: 4.4

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=cf2bce203a45d7437029d108357fb23fea0967b6
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist