CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

AV:L/AC:H/Au:N/C:N/I:N/A:C

EPSS Percentile: 46.6%

Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before
0.15.2, as used by Xen, might allow local guest users with permission to
access the CD-ROM to cause a denial of service (guest crash) via a crafted
SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when
root has manually modified certain permissions or ACLs.
Author | Note |
---|---|
jdstrand | Red Hat bug has reproducer. Non-privileged user in the guest can crash qemu. Requires write access to a scsi device, e.g. /dev/sr0. This only affected the Red Hat xen packages, not qemu. Verified issue does not affect qemu-kvm on Ubuntu 12.04, 11.10, 11.04, 10.10, and 10.04 LTS by attaching a scsi CDROM and performing: `sg_raw -r 32768 /dev/sr0 9E 10 00 00 00 00 00 00 00 00 00 04 00 00 00 00`; `sg_raw -r 32768 /dev/sr0 9E 10 00 00 00 00 00 00 00 00 00 01 00 00 00 00`. Hypervisor code for xen is in universe. |
mdeslaur | code seems different in xen, marking as not-affected |