Back to bug 1397043
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-11-21 13:16:18 UTC | CC | security-response-team | |
| Adam Mariš | 2016-11-21 13:19:28 UTC | Blocks | 1397044 | |
| Andrej Nemec | 2016-11-24 10:59:54 UTC | Alias | CVE-2016-9637 | |
| Andrej Nemec | 2016-11-24 10:59:58 UTC | Summary | EMBARGOED xsa199 xen: qemu ioport array overflow (XSA-199) | EMBARGOED CVE-2016-9637 xsa199 xen: qemu ioport array overflow (XSA-199) |
| Prasad Pandit | 2016-12-05 13:45:22 UTC | Whiteboard | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.0/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,fedora-all/xen=affected,rhel-5/xen=new | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=8.0/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,fedora-all/xen=affected,rhel-5/xen=new |
| Prasad Pandit | 2016-12-05 13:45:26 UTC | Whiteboard | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=8.0/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,fedora-all/xen=affected,rhel-5/xen=new | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,fedora-all/xen=affected,rhel-5/xen=new |
| Prasad Pandit | 2016-12-05 13:45:31 UTC | Whiteboard | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,fedora-all/xen=affected,rhel-5/xen=new | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-125,fedora-all/xen=affected,rhel-5/xen=new |
| Prasad Pandit | 2016-12-05 13:49:56 UTC | CC | prasad | |
| Whiteboard | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-125,fedora-all/xen=affected,rhel-5/xen=new | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-125,rhel-5/kvm=notaffected,rhel-5/xen=affected,rhel-6/qemu-kvm=notaffected,rhel-7/qemu-kvm=notaffected,rhel-7/qemu-kvm-rhev=notaffected,fedora-all/qemu=notaffected,fedora-all/xen=notaffected,openstack-5/qemu-kvm-rhev=notaffected,openstack-6/qemu-kvm-rhev=notaffected,openstack-7/qemu-kvm-rhev=notaffected,openstack-8/qemu-kvm-rhev=notaffected,openstack-9/qemu-kvm-rhev=notaffected | ||
| Prasad Pandit | 2016-12-05 13:53:17 UTC | Depends On | 1401521 | |
| Adam Mariš | 2016-12-06 13:00:21 UTC | Summary | EMBARGOED CVE-2016-9637 xsa199 xen: qemu ioport array overflow (XSA-199) | CVE-2016-9637 xsa199 xen: qemu ioport array overflow (XSA-199) |
| Adam Mariš | 2016-12-06 13:00:25 UTC | Group | security, qe_staff | |
| Prasad Pandit | 2016-12-07 09:48:29 UTC | Doc Text | An out of bounds array access issue was found in the Xen virtual machine monitor, built with the Qemu ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host. | |
| Summary | CVE-2016-9637 xsa199 xen: qemu ioport array overflow (XSA-199) | CVE-2016-9637 XSA199 Xen: qemu ioport out-of-bounds array access (XSA-199) | ||
| Eric Christensen | 2016-12-07 15:00:12 UTC | Doc Text | An out of bounds array access issue was found in the Xen virtual machine monitor, built with the Qemu ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host. | An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host. |
| Lin Liu | 2016-12-13 05:53:48 UTC | CC | linl | |
| Flags | needinfo?(security-response-team) | |||
| Prasad Pandit | 2016-12-13 14:38:12 UTC | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2019-09-29 14:00:54 UTC | Whiteboard | impact=important,public=20161206,reported=20161118,source=upstream,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,cwe=CWE-125,rhel-5/kvm=notaffected,rhel-5/xen=affected,rhel-6/qemu-kvm=notaffected,rhel-7/qemu-kvm=notaffected,rhel-7/qemu-kvm-rhev=notaffected,fedora-all/qemu=notaffected,fedora-all/xen=notaffected,openstack-5/qemu-kvm-rhev=notaffected,openstack-6/qemu-kvm-rhev=notaffected,openstack-7/qemu-kvm-rhev=notaffected,openstack-8/qemu-kvm-rhev=notaffected,openstack-9/qemu-kvm-rhev=notaffected | |
| PnT Account Manager | 2019-09-30 21:42:07 UTC | CC | rkrcmar | |
| Joshua Padman | 2021-10-21 11:47:54 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2021-10-21 11:47:54 UTC |
Back to bug 1397043