VYPR
← All advisories
Medium severity4.4NVD Advisory· Published Jun 14, 2016· Updated May 6, 2026

CVE-2016-5238

CVE-2016-5238

Description

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

Affected products

5
  • QEMU/Qemu
    cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
    Range: <=2.6.2
  • Canonical/Ubuntu Linux3 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.