CVE-2016-5126: Buffer Overflow

First published: Mon May 30 2016(Updated: )

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
QEMU KVM	<=2.6.2
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Oracle Linux	=7
Debian Debian Linux	=8.0
Redhat Openstack	=6.0
Redhat Openstack	=7.0
Redhat Openstack	=8
Redhat Openstack	=9
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=7.2
Redhat Enterprise Linux Eus	=7.3
Redhat Enterprise Linux Eus	=7.4
Redhat Enterprise Linux Eus	=7.5
Redhat Enterprise Linux Eus	=7.6
Redhat Enterprise Linux Eus	=7.7
Red Hat Enterprise Linux Server	=7.0
Red Hat Enterprise Linux Server	=7.2
Red Hat Enterprise Linux Server	=7.3
Red Hat Enterprise Linux Server	=7.4
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Server	=7.7
Red Hat Enterprise Linux Server	=7.2
Red Hat Enterprise Linux Server	=7.3
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Server	=7.7
Redhat Enterprise Linux Workstation	=7.0
Redhat Openstack	=5.0
Redhat Virtualization	=3.0
Red Hat Enterprise Linux	=7.0

Remedy

https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html

Never miss a vulnerability like this again

Reference Links

agent/type
agent/first-publish-date
agent/references
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-5126
agent/severity
agent/author
agent/last-modified-date
agent/remedy
agent/weakness
agent/description
agent/event
agent/trending
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/qemu
canonical/qemu kvm
version/qemu kvm/2.6.2
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
vendor/oracle
canonical/oracle linux
version/oracle linux/7
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/redhat
canonical/redhat openstack
version/redhat openstack/6.0
version/redhat openstack/7.0
version/redhat openstack/8
version/redhat openstack/9
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.2
version/redhat enterprise linux eus/7.3
version/redhat enterprise linux eus/7.4
version/redhat enterprise linux eus/7.5
version/redhat enterprise linux eus/7.6
version/redhat enterprise linux eus/7.7
canonical/red hat enterprise linux server
version/red hat enterprise linux server/7.0
version/red hat enterprise linux server/7.2
version/red hat enterprise linux server/7.3
version/red hat enterprise linux server/7.4
version/red hat enterprise linux server/7.6
version/red hat enterprise linux server/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
version/redhat openstack/5.0
canonical/redhat virtualization
version/redhat virtualization/3.0
canonical/red hat enterprise linux
version/red hat enterprise linux/7.0

CVE-2016-5126: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact