
CVE-2016-5403

Published: 27 Jul 2016
Source: redhat
CVSS3: 3.4
CVSS2: 2.3

Description

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement, which results in unbounded memory allocation on the host controlled by the guest.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Affected | | |
| Red Hat Enterprise Linux 5 | xen | Will not fix | | |
| Red Hat Enterprise Linux 6 | qemu-kvm-rhev | Affected | | |
| Red Hat OpenStack Platform 10 (Newton) | qemu-kvm-rhev | Not affected | | |
| Red Hat Enterprise Linux 5 | kvm | Fixed | RHSA-2016:1943 | 27.09.2016 |
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2016:1585 | 09.08.2016 |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2016:1606 | 11.08.2016 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | qemu-kvm-rhev | Fixed | RHSA-2016:1652 | 23.08.2016 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2016:1655 | 23.08.2016 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2016:1654 | 23.08.2016 |


Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1358359 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

CVSS3: 3.4 Low

CVSS2: 2.3 Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 9 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

CVSS3: 5.5
nvd
about 9 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

CVSS3: 5.5
debian
about 9 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...

CVSS3: 5.5
github
more than 3 years ago

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

oracle-oval
about 9 years ago

ELSA-2016-1585: qemu-kvm security update (MODERATE)
