Bugzilla – Bug 1000397
VUL-0: CVE-2016-7423: qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object
Last modified: 2021-09-30 22:35:09 UTC
rh#1376776

Quick emulator(Qemu) built with the LSI SAS1068 Host Bus emulation support, is vulnerable to an invalid memory access issue. It could occur while processing scsi io requests in mptsas_process_scsi_io_request.

A privileged user inside guest could use this flaw to crash the Qemu process instance on the host resulting in DoS.

Upstream patch
--------------
-> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html

Reference:
----------
-> http://www.openwall.com/lists/oss-security/2016/09/16/5

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1376776
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7423
http://seclists.org/oss-sec/2016/q3/531
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7423.html
bugbot adjusting priority
Looks to me like we are not affected by this, but please have a look yourself.
Agreed. We are not affected.