CVE 2016-5403
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
Related bugs and status
CVE-2016-5403 (Candidate) is related to these bugs:
Bug #1584662: [CVE-2016-3710] Multiple Qemu security vulnerabilities
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1584662 | [CVE-2016-3710] Multiple Qemu security vulnerabilities | Mirantis OpenStack | High | Fix Released | ||
1584662 | [CVE-2016-3710] Multiple Qemu security vulnerabilities | Mirantis OpenStack 6.0.x | High | Won't Fix | ||
1584662 | [CVE-2016-3710] Multiple Qemu security vulnerabilities | Mirantis OpenStack 6.1.x | High | Invalid | ||
1584662 | [CVE-2016-3710] Multiple Qemu security vulnerabilities | Mirantis OpenStack 7.0.x | High | Invalid | ||
1584662 | [CVE-2016-3710] Multiple Qemu security vulnerabilities | Mirantis OpenStack 9.x | High | Fix Released | ||
1584662 | [CVE-2016-3710] Multiple Qemu security vulnerabilities | Mirantis OpenStack 10.0.x | High | Invalid | ||
1584662 | [CVE-2016-3710] Multiple Qemu security vulnerabilities | Mirantis OpenStack 8.0.x | High | Invalid |
Bug #1612089: Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled
Bug #1615063: QEMU regression (USN-3047-2)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1615063 | QEMU regression (USN-3047-2) | Mirantis OpenStack | High | Fix Released | ||
1615063 | QEMU regression (USN-3047-2) | Mirantis OpenStack 7.0.x | High | Invalid | ||
1615063 | QEMU regression (USN-3047-2) | Mirantis OpenStack 8.0.x | High | Invalid | ||
1615063 | QEMU regression (USN-3047-2) | Mirantis OpenStack 9.x | High | Fix Released |
Bug #1617055: Include QEMU 2.6.1 stable into Ubuntu 16.10
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1617055 | Include QEMU 2.6.1 stable into Ubuntu 16.10 | qemu (Ubuntu) | Medium | Fix Released |
Bug #1641532: machine-types trusty and utopic are not unique (depend on the qemu version)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1641532 | machine-types trusty and utopic are not unique (depend on the qemu version) | qemu (Ubuntu) | Critical | Fix Released | ||
1641532 | machine-types trusty and utopic are not unique (depend on the qemu version) | Ubuntu Cloud Archive | Undecided | Fix Released | ||
1641532 | machine-types trusty and utopic are not unique (depend on the qemu version) | qemu (Ubuntu Zesty) | Critical | Fix Released | ||
1641532 | machine-types trusty and utopic are not unique (depend on the qemu version) | qemu (Ubuntu Yakkety) | High | Fix Released | ||
1641532 | machine-types trusty and utopic are not unique (depend on the qemu version) | qemu (Ubuntu Xenial) | High | Fix Released | ||
1641532 | machine-types trusty and utopic are not unique (depend on the qemu version) | Ubuntu Cloud Archive liberty | Critical | Fix Released |
Bug #1644639: [FEATURE] UbuntuKVM: Enable seccomp support in QEMU
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1644639 | [FEATURE] UbuntuKVM: Enable seccomp support in QEMU | qemu (Ubuntu) | Wishlist | Fix Released |
Bug #1647389: Regression: Live migrations can still crash after CVE-2016-5403 fix
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1647389 | Regression: Live migrations can still crash after CVE-2016-5403 fix | qemu (Ubuntu) | High | Fix Released | ||
1647389 | Regression: Live migrations can still crash after CVE-2016-5403 fix | qemu (Ubuntu Xenial) | High | Fix Released |
Bug #1894772: live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens.
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1894772 | live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens. | qemu (Ubuntu) | Medium | Incomplete | ||
1894772 | live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens. | qemu (Ubuntu Bionic) | Medium | Incomplete | ||
1894772 | live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens. | qemu (Ubuntu Groovy) | Medium | Won't Fix | ||
1894772 | live migration of windows 2012 r2 instance with virtio balloon driver fails from mitaka to queens. | qemu (Ubuntu Focal) | Medium | Incomplete |
See the
CVE page on Mitre.org
for more details.