vulnerability
Oracle Linux: CVE-2016-5403: ELSA-2016-1585: qemu-kvm security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:A/AC:L/Au:M/C:N/I:N/A:P) | 07/27/2016 | 08/09/2016 | 12/05/2024 |
Severity
2
CVSS
(AV:A/AC:L/Au:M/C:N/I:N/A:P)
Published
07/27/2016
Added
08/09/2016
Modified
12/05/2024
Description
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest.
Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest.
Solution(s)
oracle-linux-upgrade-qemu-guest-agentoracle-linux-upgrade-qemu-imgoracle-linux-upgrade-qemu-kvmoracle-linux-upgrade-qemu-kvm-tools
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.