CVE-2016-9602

Related Files

Ubuntu Security Notice USN-3268-1

Posted Apr 25, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3268-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service

systems | linux, ubuntu

advisories | CVE-2016-10028, CVE-2016-8667, CVE-2016-9602, CVE-2016-9603, CVE-2016-9908, CVE-2016-9912, CVE-2016-9914, CVE-2017-5552, CVE-2017-5578, CVE-2017-5987, CVE-2017-6505

SHA-256 | 55219cd93a67e26cc2c98285217c82a6a4c4a415f32a2bc50c406be0dfd12705

Download | Favorite | View

Ubuntu Security Notice USN-3261-1

Posted Apr 20, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3261-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service

systems | linux, ubuntu

advisories | CVE-2016-10028, CVE-2016-10029, CVE-2016-10155, CVE-2016-7907, CVE-2016-8667, CVE-2016-8669, CVE-2016-9381, CVE-2016-9602, CVE-2016-9603, CVE-2016-9776, CVE-2016-9845, CVE-2016-9846, CVE-2016-9907, CVE-2016-9908, CVE-2016-9911, CVE-2016-9912, CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916, CVE-2016-9921, CVE-2016-9922, CVE-2017-2615, CVE-2017-2620, CVE-2017-2633, CVE-2017-5525, CVE-2017-5526, CVE-2017-5552

SHA-256 | 59e4c93cf0110c0dfbf04c8437a5671ce02bce5e5d84b925280c13d41fc38a3b

Download | Favorite | View

Gentoo Linux Security Advisory 201704-01

Posted Apr 11, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.8.0-r9 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2016-9602, CVE-2017-2620, CVE-2017-2630, CVE-2017-5973, CVE-2017-5987, CVE-2017-6058, CVE-2017-6505

SHA-256 | 3b251d7fac89e4f118e27fdfd02cda9e0c9a3ccfea63de553eaac89d342ab135

Download | Favorite | View

QEMU Host Filesystem Arbitrary Access

Posted Feb 18, 2017

Authored by Jann Horn, Google Security Research

QEMU has an issue where virtfs permits a guest to access the entire host filesystem.

tags | advisory

advisories | CVE-2016-9602

SHA-256 | 8afb47007c79b3a9ac847f6e9b076ad790c162d53fdddf920e2a3d557b2daeb1

Download | Favorite | View