Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-5105

Опубликовано: 02 сент. 2016
Источник: debian
EPSS Низкий

Описание

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:2.6+dfsg-2package
qemunot-affectedwheezypackage
qemu-kvmnot-affectedpackage

Примечания

  • Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)

  • https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html

  • https://bugzilla.redhat.com/show_bug.cgi?id=1339583

EPSS

Процентиль: 20%
0.00064
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-5105

CVSS3: 4.4
ubuntu
больше 9 лет назад

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

redhat логотип

CVE-2016-5105

redhat
больше 9 лет назад

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

nvd логотип

CVE-2016-5105

CVSS3: 4.4
nvd
больше 9 лет назад

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

github логотип

GHSA-fj37-m473-29p7

CVSS3: 4.4
github
больше 3 лет назад

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

fstec логотип

BDU:2016-02071

fstec
больше 9 лет назад

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю читать память хоста

EPSS

Процентиль: 20%
0.00064
Низкий