CVE-2016-9923

Published: 23 December 2016

Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored

Ubuntu 14.04 ESM (Trusty Tahr) Ignored

Patches:
Upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=a4afa548fc6dd9842ed86639b4d37d4d1c4ad480
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist