DEBIAN-CVE-2016-5105

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2016-5105
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2016-5105.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2016-5105
Upstream
Published
2016-09-02T14:59:02Z
Modified
2025-09-19T06:08:32Z
Summary
[none]
Details

The megasasdcmdcfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

References

Affected packages

Debian:11 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.6+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.6+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.6+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.6+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}