Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Debian 8 DLA-1927-1 Moderate: QEMU Denial of Service Issues

debian lts
Calendar Grey September 20, 2019
Dist Debian Esm H88
Upgrading QEMU on Debian 8 is vital for enhancing security and addressing critical vulnerabilities like denial of service and buffer overflow. Follow these steps for a smooth update
Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization)

Summary

CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in
block/iscsi.c in QEMU allows local guest OS users to cause a
denial of service (QEMU process crash) or possibly execute
arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows
local guest OS administrators to cause a denial of service (memory
consumption and QEMU process crash) by submitting requests without
waiting for completion.

CVE-2017-9375

QEMU, when built with USB xHCI controller emulator support, allows
local guest OS privileged users to cause a denial of service
(infinite recursive call) via vectors involving control transfer
descriptors sequencing.

CVE-2019-12068

QEMU scsi disk backend: lsi: exit infinite loop while executing
script

CVE-2019-12155

interface_release_resource in hw/display/qxl.c in QEMU has a NULL
pointer dereference.

CVE-2019-13164

Read the Full Advisory


Package: qemu
Version: 1:2.1+dfsg-12+deb8u12
CVE ID: CVE-2016-5126 CVE-2016-5403 CVE-2017-9375 CVE-2019-12068
Debian Bug: 826151 832619 864219 929353 931351 933741 933742 939868 939869

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.