Launchpad.net

CVE 2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

Related bugs and status

CVE-2016-5403 (Candidate) is related to these bugs:

Bug #1584662: [CVE-2016-3710] Multiple Qemu security vulnerabilities

		In	Importance	Status
1584662	[CVE-2016-3710] Multiple Qemu security vulnerabilities	Mirantis OpenStack	High	Fix Released
1584662	[CVE-2016-3710] Multiple Qemu security vulnerabilities	Mirantis OpenStack 6.0.x	High	Won't Fix
1584662	[CVE-2016-3710] Multiple Qemu security vulnerabilities	Mirantis OpenStack 6.1.x	High	Invalid
1584662	[CVE-2016-3710] Multiple Qemu security vulnerabilities	Mirantis OpenStack 7.0.x	High	Invalid
1584662	[CVE-2016-3710] Multiple Qemu security vulnerabilities	Mirantis OpenStack 9.x	High	Fix Released
1584662	[CVE-2016-3710] Multiple Qemu security vulnerabilities	Mirantis OpenStack 10.0.x	High	Invalid
1584662	[CVE-2016-3710] Multiple Qemu security vulnerabilities	Mirantis OpenStack 8.0.x	High	Invalid

Bug #1612089: Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled

		In	Importance	Status
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	qemu (Ubuntu)	High	Fix Released
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	qemu (Ubuntu Xenial)	High	Fix Released
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	qemu (Ubuntu Yakkety)	High	Fix Released
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	qemu (Ubuntu Trusty)	High	Fix Released
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	qemu-kvm (Ubuntu Precise)	High	Fix Released
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	Ubuntu Cloud Archive	High	Invalid
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	Ubuntu Cloud Archive icehouse	Undecided	Fix Committed
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	Ubuntu Cloud Archive mitaka	Undecided	Fix Released
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	Ubuntu Cloud Archive kilo	Undecided	Fix Released
1612089	Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled	Ubuntu Cloud Archive liberty	Undecided	Fix Released

Bug #1615063: QEMU regression (USN-3047-2)

		In	Importance	Status
1615063	QEMU regression (USN-3047-2)	Mirantis OpenStack	High	Fix Released
1615063	QEMU regression (USN-3047-2)	Mirantis OpenStack 7.0.x	High	Invalid
1615063	QEMU regression (USN-3047-2)	Mirantis OpenStack 8.0.x	High	Invalid
1615063	QEMU regression (USN-3047-2)	Mirantis OpenStack 9.x	High	Fix Released

Bug #1617055: Include QEMU 2.6.1 stable into Ubuntu 16.10

Summary				In	Importance	Status
	1617055	Include QEMU 2.6.1 stable into Ubuntu 16.10		qemu (Ubuntu)	Medium	Fix Released

Bug #1641532: machine-types trusty and utopic are not unique (depend on the qemu version)

		In	Importance	Status
1641532	machine-types trusty and utopic are not unique (depend on the qemu version)	qemu (Ubuntu)	Critical	Fix Released
1641532	machine-types trusty and utopic are not unique (depend on the qemu version)	Ubuntu Cloud Archive	Undecided	Fix Released
1641532	machine-types trusty and utopic are not unique (depend on the qemu version)	qemu (Ubuntu Zesty)	Critical	Fix Released
1641532	machine-types trusty and utopic are not unique (depend on the qemu version)	qemu (Ubuntu Yakkety)	High	Fix Released
1641532	machine-types trusty and utopic are not unique (depend on the qemu version)	qemu (Ubuntu Xenial)	High	Fix Released
1641532	machine-types trusty and utopic are not unique (depend on the qemu version)	Ubuntu Cloud Archive liberty	Critical	Fix Released

Bug #1644639: [FEATURE] UbuntuKVM: Enable seccomp support in QEMU

Summary				In	Importance	Status
	1644639	[FEATURE] UbuntuKVM: Enable seccomp support in QEMU		qemu (Ubuntu)	Wishlist	Fix Released

Bug #1647389: Regression: Live migrations can still crash after CVE-2016-5403 fix

Summary				In	Importance	Status
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu)	High	Fix Released
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu Xenial)	High	Fix Released

Bug #1894772: live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens.

		In	Importance	Status
1894772	live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens.	qemu (Ubuntu)	Medium	Incomplete
1894772	live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens.	qemu (Ubuntu Bionic)	Medium	Incomplete
1894772	live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens.	qemu (Ubuntu Groovy)	Medium	Won't Fix
1894772	live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens.	qemu (Ubuntu Focal)	Medium	Incomplete

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-5403

Related bugs and status

Related bugs

References