Описание
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.11+dfsg-1ubuntu7.41 |
| devel | released | 1:7.0+dfsg-7ubuntu4 |
| esm-infra-legacy/trusty | not-affected | 2.0.0+dfsg-2ubuntu1.47+esm2 |
| esm-infra/bionic | not-affected | 1:2.11+dfsg-1ubuntu7.41 |
| esm-infra/focal | not-affected | 1:4.2-3ubuntu6.24 |
| esm-infra/xenial | released | 1:2.5+dfsg-5ubuntu10.51+esm1 |
| focal | released | 1:4.2-3ubuntu6.24 |
| impish | ignored | end of life |
| jammy | released | 1:6.2+dfsg-2ubuntu6.6 |
| kinetic | released | 1:7.0+dfsg-7ubuntu2.1 |
Показывать по
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ...
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
EPSS
4.4 Medium
CVSS3