CVE-2016-6351

The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
qemuqemu
𝑥
≤ 2.6.2
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
xenial
Fixed 1:2.5+dfsg-5ubuntu10.3
released
wily
ignored
trusty
Fixed 2.0.0+dfsg-2ubuntu1.26
released
precise
dne
qemu-kvm
xenial
dne
wily
dne
trusty
dne
precise
not-affected
References
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3
http://www.openwall.com/lists/oss-security/2016/07/25/14
http://www.openwall.com/lists/oss-security/2016/07/26/7
http://www.securityfocus.com/bid/92119
http://www.ubuntu.com/usn/USN-3047-1
http://www.ubuntu.com/usn/USN-3047-2
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3
http://www.openwall.com/lists/oss-security/2016/07/25/14
http://www.openwall.com/lists/oss-security/2016/07/26/7
http://www.securityfocus.com/bid/92119
http://www.ubuntu.com/usn/USN-3047-1
http://www.ubuntu.com/usn/USN-3047-2
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html