Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-21
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
Products | Fedora, Qemu |
Type | Out-of-bounds Read (CWE-125) Out-of-bounds Write (CWE-787) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
• https://access.redhat.com/errata/RHSA-2019:2425 • https://access.redhat.com/errata/RHSA-2019:2553 • https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html • https://security.netapp.com/advisory/ntap-20190411-0006/ |