QEMU iscsi_aio_ioctl Heap Buffer Overflow Vulnerability (CVE-2016-5126)
QEMU iscsi_aio_ioctl Heap Buffer Overflow Vulnerability (CVE-2016-5126)
Release date:
Updated on:
Affected Systems:
QEMU
Description:
CVE (CAN) ID: CVE-2016-5126
QEMU is an open source simulator software.
The QEMU block/iscsi. c/iscsi_aio_ioctl function has the heap buffer overflow vulnerability. A local OS user calls an iSCSI asynchronous I/O ioctl, which can cause a denial of service (QEMU process crash) or execute arbitrary code.
<* Source: Prasad J Pandit
*>
Suggestion:
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.qemu.org /? P = qemu. git; a = commit; h = a6b3167fa0e825aebb5a7cd8b437b6d42484a196
Https://bugzilla.redhat.com/show_bug.cgi? Id = 1340924
This article permanently updates the link address: