Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-10029

The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts.

Related bugs and status

CVE-2016-10029 (Candidate) is related to these bugs:

Bug #1647389: Regression: Live migrations can still crash after CVE-2016-5403 fix

Summary				In	Importance	Status
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu)	High	Fix Released
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu Xenial)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securitytra...
MISC: http://www.securityfoc...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://git.qemu-projec...
MISC: http://git.qemu-projec...