QEMU (aka Quick Emulator) is vulnerable to denial of service (DoS). When built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, it allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CPE | Name | Operator | Version |
---|---|---|---|
qemu:xenial | eq | 1:2.5+dfsg-5ubuntu10 | |
qemu:stretch | eq | 1:2.8+dfsg-6+deb9u9 |
www.openwall.com/lists/oss-security/2017/06/08/1
www.securityfocus.com/bid/99010
bugzilla.redhat.com/show_bug.cgi?id=1459477
lists.debian.org/debian-lts-announce/2018/09/msg00007.html
lists.debian.org/debian-lts-announce/2020/07/msg00020.html
lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html