CVE-2016-4441 in QEMUinfo

Summary

The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

05/02/2016

Disclosure

05/20/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
87560	QEMU 53C9X Fast SCSI Controller Support esp.c get_cmd memory corruption	119	Not defined	Official fix	CVE-2016-4441

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!