CVE-2016-5338

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/06/2016
Last modified:
12/04/2025

Description

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 2.6.2 (including)
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*