Bug 1340924 (CVE-2016-5126)
Summary: | CVE-2016-5126 Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aortega, apevec, areis, ayoung, chrisw, cvsbot-xmlrpc, gmollett, jen, jschluet, kbasil, knoel, lhh, lpeer, markmc, mrezanin, mst, pbonzini, rbalakri, rbryant, sclewis, security-response-team, slong, srevivo, tdecacqu, virt-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-12-15 04:35:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1340925, 1340929, 1340930, 1358996, 1358997, 1359743, 1359744, 1359745, 1359747, 1363573, 1363574 | ||
Bug Blocks: | 1340774, 1366416 |
Description
Prasad Pandit
2016-05-30 17:36:23 UTC
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1340925] qemu-2.6.0-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1606 https://rhn.redhat.com/errata/RHSA-2016-1606.html This issue has been addressed in the following products: RHEV-H and Agents for RHEL-7 Via RHSA-2016:1607 https://rhn.redhat.com/errata/RHSA-2016-1607.html This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 Via RHSA-2016:1655 https://rhn.redhat.com/errata/RHSA-2016-1655.html This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2016:1654 https://rhn.redhat.com/errata/RHSA-2016-1654.html This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2016:1653 https://rhn.redhat.com/errata/RHSA-2016-1653.html This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2016:1756 https://rhn.redhat.com/errata/RHSA-2016-1756.html This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2016:1763 https://rhn.redhat.com/errata/RHSA-2016-1763.html |