QEMU hw/usb/dev-network.c Integer Overflow Vulnerability (CVE-2016-2538)
QEMU hw/usb/dev-network.c Integer Overflow Vulnerability (CVE-2016-2538)
Release date:
Updated on:
Affected Systems:
QEMU <2.5.1
QEMU
Description:
CVE (CAN) ID: CVE-2016-2538
QEMU is an open source simulator software.
In versions earlier than QEMU 2.5.1, hw/usb/dev-network.c has an integer overflow vulnerability. The local client system administrator can exploit this vulnerability to cause DoS or dos.
<* Source: Qinghao Tang
*>
Suggestion:
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.qemu.org /? P = qemu. git; a = commit; h = fe3c546c5ff2a6210f9a4d8561cc64051ca8603e
Https://bugzilla.redhat.com/show_bug.cgi? Id = 1303120
Use KVM + Qemu to build a virtual machine in Ubuntu
Linux getting started Tutorial: QEMU for Virtual Machine experience
Ubuntu 12.04 cannot find the Qemu command
Install QEMU + efi bios on Arch Linux
QEMU translation framework and debugging tools
QEMU code analysis: BIOS loading process
QEMU details: click here
QEMU: click here
This article permanently updates the link address: