QEMU is vulnerable to a buffer overflow. The vulnerability is caused by an integer underflow of `async_len` in `esp_do_nodma` in `hw/scsi/esp.c`, which results in a buffer overflow. It is triggered via a TI command when the expected non-DMA transfer length is less than the length of the available FIFO data.

CPE | Name | Operator | Version
---|---|---|---
qemu:sid | | eq | 1:5.1+dfsg-4
qemu:sid | | eq | 1:5.1+dfsg-4+b1
qemu:sid | | eq | 1:5.1+dfsg-4+b2