{ "threat_severity" : "Moderate", "public_date" : "2016-05-24T00:00:00Z", "bugzilla" : { "description" : "Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl", "id" : "1340924", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1340924" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:A/AC:M/Au:N/C:N/I:P/A:P", "status" : "verified" }, "cvss3" : { "cvss3_base_score" : "5.4", "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-120", "details" : [ "Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.", "Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-08-11T00:00:00Z", "advisory" : "RHSA-2016:1606", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "qemu-kvm-10:1.5.3-105.el7_2.7" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date" : "2016-08-23T00:00:00Z", "advisory" : "RHSA-2016:1655", "cpe" : "cpe:/a:redhat:openstack:5::el7", "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date" : "2016-08-23T00:00:00Z", "advisory" : "RHSA-2016:1654", "cpe" : "cpe:/a:redhat:openstack:6::el7", "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date" : "2016-08-23T00:00:00Z", "advisory" : "RHSA-2016:1653", "cpe" : "cpe:/a:redhat:openstack:7::el7", "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21" }, { "product_name" : "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date" : "2016-08-24T00:00:00Z", "advisory" : "RHSA-2016:1756", "cpe" : "cpe:/a:redhat:openstack:8::el7", "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21" }, { "product_name" : "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date" : "2016-08-24T00:00:00Z", "advisory" : "RHSA-2016:1763", "cpe" : "cpe:/a:redhat:openstack:9::el7", "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date" : "2016-08-12T00:00:00Z", "advisory" : "RHSA-2016:1607", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.21" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "xen", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "fix_state" : "Not affected", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:5::el6" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Not affected", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:10" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5126\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5126" ], "name" : "CVE-2016-5126", "csaw" : false }