1
PublicDateAtUSN: 2016-06-14
2
Candidate: CVE-2016-5238
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5238
6
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
7
https://usn.ubuntu.com/usn/usn-3047-1
9
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS
10
administrators to cause a denial of service (out-of-bounds write and QEMU
11
process crash) via vectors related to reading from the information transfer
12
buffer in non-DMA mode.
15
mdeslaur> qemu-kvm in precise doesn't build esp.c on Ubuntu
17
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826152
18
https://bugzilla.redhat.com/show_bug.cgi?id=1341931
20
Discovered-by: Li Qiang
24
upstream_qemu-kvm: needs-triage
25
precise_qemu-kvm: not-affected
27
vivid/ubuntu-core_qemu-kvm: DNE
28
vivid/stable-phone-overlay_qemu-kvm: DNE
34
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a
35
upstream_qemu: needs-triage
37
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.26)
38
vivid/ubuntu-core_qemu: DNE
39
vivid/stable-phone-overlay_qemu: DNE
40
wily_qemu: ignored (reached end-of-life)
41
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.3)
42
devel_qemu: not-affected (1:2.6+dfsg-3ubuntu1)