Описание
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.11+dfsg-1ubuntu7.37 |
| devel | released | 1:6.0+dfsg-1~ubuntu3 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 1:2.11+dfsg-1ubuntu7.37 |
| esm-infra/focal | not-affected | 1:4.2-3ubuntu6.17 |
| esm-infra/xenial | needed | |
| focal | released | 1:4.2-3ubuntu6.17 |
| groovy | released | 1:5.0-5ubuntu9.9 |
| hirsute | released | 1:5.2+dfsg-9ubuntu3.1 |
| impish | released | 1:6.0+dfsg-1~ubuntu3 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
EPSS
2.1 Low
CVSS2
3.2 Low
CVSS3
Связанные уязвимости
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
EPSS
2.1 Low
CVSS2
3.2 Low
CVSS3