qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation

ID B3F9F8EF-B1BB-11E5-9728-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2016-07-06T00:00:00


Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRL_GET_INFO command. A privileged guest user could use this flaw to crash the Qemu process instance, resulting in DoS.