VYPR
← All advisories
Medium severity6.0NVD Advisory· Published Sep 2, 2016· Updated May 6, 2026

CVE-2016-5106

CVE-2016-5106

Description

The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.

Affected products

5
  • QEMU/Qemu
    cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
    Range: <=2.6.2
  • Canonical/Ubuntu Linux3 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.