Lucene search
RedHatRHSA-2016:1585HistoryAug 09, 2016 - 5:11 p.m.
(RHSA-2016:1585) Moderate: qemu-kvm security update
2016-08-0917:11:51
access.redhat.com
11
0.001 Low
EPSS
Percentile
22.9%
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.
Security Fix(es):
- Quick emulator(Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403)
Red Hat would like to thank hongzhenhao (Marvel Team) for reporting this issue.
Related
cvelist
cvelist
CVE-2016-5403
2016-08-02 16:00:00
freebsd
freebsd
xen-tools -- virtio: unbounded memory allocation issue
2016-07-27 00:00:00
prion
prion
Design/Logic Flaw
2016-08-02 16:59:00
openvas
openvas
RedHat Update for qemu-kvm RHSA-2016:1585-01
2016-08-10 00:00:00
CentOS Update for qemu-guest-agent CESA-2016:1585 centos6
2016-08-10 00:00:00
CentOS Update for kmod-kvm CESA-2016:1943 centos5
2016-09-29 00:00:00
nessus
nessus
CentOS 6 : qemu-kvm (CESA-2016:1585)
2016-08-10 00:00:00
RHEL 6 : qemu-kvm (RHSA-2016:1585)
2016-08-10 00:00:00
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20160809)
2016-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2016-5403
2016-08-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:12:39
redhatcve
redhatcve
CVE-2016-5403
2016-07-27 15:18:30
xen
xen
virtio: unbounded memory allocation issue
2016-07-27 15:00:00
redhat
redhat
(RHSA-2016:1652) Moderate: qemu-kvm-rhev security update
2016-08-23 06:04:11
(RHSA-2016:1586) Moderate: qemu-kvm-rhev security update
2016-08-09 17:12:09
(RHSA-2016:1655) Moderate: qemu-kvm-rhev security update
2016-08-23 06:04:54
debiancve
debiancve
CVE-2016-5403
2016-08-02 16:59:03
centos
centos
qemu security update
2016-08-09 20:30:28
libcacard, qemu security update
2016-08-12 11:28:17
kmod, kvm security update
2016-09-28 13:59:56
nvd
nvd
CVE-2016-5403
2016-08-02 16:59:03
cve
cve
CVE-2016-5403
2016-08-02 16:59:03
osv
osv
CVE-2016-5403
2016-08-02 16:59:00
qemu - security update
2016-07-30 00:00:00
qemu-kvm - security update
2016-07-30 00:00:00
oraclelinux
oraclelinux
kvm security update
2016-09-27 00:00:00
qemu-kvm security update
2016-08-11 00:00:00
qemu-kvm security update
2016-08-09 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: xen-4.5.3-9.fc23
2016-08-08 23:59:11
[SECURITY] Fedora 24 Update: xen-4.6.3-4.fc24
2016-08-05 21:00:09
ibm
ibm
Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry
2020-07-19 00:49:12
debian
debian
[SECURITY] [DLA 573-1] qemu security update
2016-07-30 10:22:30
[SECURITY] [DLA 574-1] qemu-kvm security update
2016-07-30 10:43:04
[SECURITY] [DLA 1927-1] qemu security update
2019-09-20 09:19:02
ubuntu
ubuntu
QEMU vulnerabilities
2016-08-04 00:00:00
QEMU regression
2016-08-12 00:00:00
QEMU vulnerabilities
2016-11-09 00:00:00
suse
suse
Security update for qemu (important)
2016-10-21 19:08:51
Security update for qemu (important)
2016-10-26 14:11:23
Security update for xen (important)
2016-11-04 15:11:21
mageia
mageia
Updated xen packages fix security vulnerability
2017-01-09 23:29:57