CVE - CVE-2016-5107

CVE-ID
CVE-2016-5107	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:90874 URL:http://www.securityfocus.com/bid/90874 MISC:GLSA-201609-01 URL:https://security.gentoo.org/glsa/201609-01 MISC:USN-3047-1 URL:http://www.ubuntu.com/usn/USN-3047-1 MISC:USN-3047-2 URL:http://www.ubuntu.com/usn/USN-3047-2 MISC:[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html MISC:[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function URL:http://www.openwall.com/lists/oss-security/2016/05/25/7 MISC:[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function URL:http://www.openwall.com/lists/oss-security/2016/05/26/9 MISC:[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: check 'read_queue_head' index val URL:https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1336461 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1336461
Assigning CNA
Red Hat, Inc.
Date Record Created
20160526	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160526)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)