CVE-2016-5338

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
qemuqemu
𝑥
≤ 2.6.2
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
wheezy
no-dsa
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
xenial
Fixed 1:2.5+dfsg-5ubuntu10.3
released
wily
ignored
trusty
Fixed 2.0.0+dfsg-2ubuntu1.26
released
precise
dne
qemu-kvm
xenial
dne
wily
dne
trusty
dne
precise
not-affected
References
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
http://www.openwall.com/lists/oss-security/2016/06/07/3
http://www.openwall.com/lists/oss-security/2016/06/08/14
http://www.securityfocus.com/bid/91079
http://www.ubuntu.com/usn/USN-3047-1
http://www.ubuntu.com/usn/USN-3047-2
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
https://security.gentoo.org/glsa/201609-01
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
http://www.openwall.com/lists/oss-security/2016/06/07/3
http://www.openwall.com/lists/oss-security/2016/06/08/14
http://www.securityfocus.com/bid/91079
http://www.ubuntu.com/usn/USN-3047-1
http://www.ubuntu.com/usn/USN-3047-2
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
https://security.gentoo.org/glsa/201609-01