Lucene search

K

RedhatCVELIST:CVE-2016-5105

HistorySep 02, 2016 - 2:00 p.m.

CVE-2016-5105

2016-09-0214:00:00

redhat

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

References

www.openwall.com/lists/oss-security/2016/05/25/5

www.openwall.com/lists/oss-security/2016/05/26/7

www.ubuntu.com/usn/USN-3047-1

www.ubuntu.com/usn/USN-3047-2

bugzilla.redhat.com/show_bug.cgi?id=1339583

lists.debian.org/debian-lts-announce/2018/11/msg00038.html

lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

Related for CVELIST:CVE-2016-5105

nvd1 cve1 debiancve1 redhatcve1 ubuntucve1 prion1 openvas18 fedora6 nessus18 archlinux2 ibm1 ubuntu2 suse7 osv1 debian1