
Debian 8 DLA-1927-1 Moderate: QEMU Denial of Service Issues

Debian LTS
September 20, 2019
Upgrading QEMU on Debian 8 addresses the denial of service and buffer overflow vulnerabilities described below.
Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization).

Summary

CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in
block/iscsi.c in QEMU allows local guest OS users to cause a
denial of service (QEMU process crash) or possibly execute
arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows
local guest OS administrators to cause a denial of service (memory
consumption and QEMU process crash) by submitting requests without
waiting for completion.

CVE-2017-9375

QEMU, when built with USB xHCI controller emulator support, allows
local guest OS privileged users to cause a denial of service
(infinite recursive call) via vectors involving control transfer
descriptors sequencing.

CVE-2019-12068

QEMU scsi disk backend: lsi: exit infinite loop while executing
script

CVE-2019-12155

interface_release_resource in hw/display/qxl.c in QEMU has a NULL
pointer dereference.

CVE-2019-13164


Package: qemu
Version: 1:2.1+dfsg-12+deb8u12
CVE ID: CVE-2016-5126 CVE-2016-5403 CVE-2017-9375 CVE-2019-12068
Debian Bug: 826151 832619 864219 929353 931351 933741 933742 939868 939869
