Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 584102 (CVE-2016-5107) - <app-emulation/qemu-2.7.0: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function (CVE-2016-5107)
Summary: <app-emulation/qemu-2.7.0: scsi: megasas: out-of-bounds read in megasas_looku...
Alias: CVE-2016-5107
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa cve]
Depends on: CVE-2016-7116
  Show dependency tree
Reported: 2016-05-25 15:38 UTC by Agostino Sarubbo
Modified: 2016-09-26 00:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-05-25 15:38:41 UTC
From ${URL} :

Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support is 
vulnerable to an out-of-bounds read access issue. It could occur while looking up MegaRAID Firmware 
Interface(MFI) command frames in 'megasas_lookup_frame' routine.

A privileged user inside guest could use this flaw to read invalid memory leading to crash the Qemu 
process on the host.

Upstream patch:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-06-30 23:55:23 UTC
Upstream patch:;a=commit;h=b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2
Comment 2 Matthias Maier gentoo-dev 2016-09-05 05:41:17 UTC
Fixed in at least version 2.7.0. Stabilization of 2.7.0 in #592430

commit 671df1de7a8611d59307ffcd448af451c15003ed
Author: Matthias Maier <>
Date:   Sun Sep 4 23:25:32 2016 -0500

    app-emulation/qemu: version bump to 2.7.0, various security fixes
    3af9187fc6caaf415ab9c0c6d92c9678f65cb17f -> CVE-2016-4001, bug #579734
    3a15cc0e1ee7168db0782133d2607a6bfa422d66 -> CVE-2016-4002, bug #579734
    c98c6c105f66f05aa0b7c1d2a4a3f716450907ef -> CVE-2016-4439, bug #583496
    6c1fef6b59563cc415f21e03f81539ed4b33ad90 -> CVE-2016-4441, bug #583496
    06630554ccbdd25780aa03c3548aaff1eb56dffd ->              , bug #583952
    844864fbae66935951529408831c2f22367a57b6 -> CVE-2016-5337, bug #584094
    b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2 ->              , bug #584102
    1b85898025c4cd95dce673d15e67e60e98e91731 ->              , bug #584146
    521360267876d3b6518b328051a2e56bca55bef8 -> CVE-2016-4453, bug #584514
    4e68a0ee17dad7b8d870df0081d4ab2e079016c2 -> CVE-2016-4454, bug #584514
    a6b3167fa0e825aebb5a7cd8b437b6d41584a196 -> CVE-2016-5126, bug #584630
    ff589551c8e8e9e95e211b9d8daafb4ed39f1aec -> CVE-2016-5338, bug #584918
    d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a -> CVE-2016-5238, bug #584918
    1e7aed70144b4673fc26e73062064b6724795e5f ->              , bug #589924
    afd9096eb1882f23929f5b5c177898ed231bac66 -> CVE-2016-5403, bug #589928
    eb700029c7836798046191d62d595363d92c84d4 -> CVE-2016-6835, bug #591244
    ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 -> CVE-2016-6834, bug #591374
    6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 -> CVE-2016-6833, bug #591380
    47882fa4975bf0b58dd74474329fdd7154e8f04c -> CVE-2016-6888, bug #591678
    fff39a7ad09da07ef490de05c92c91f22f8002f2 ->              , bug #592430
    Package-Manager: portage-2.2.28
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2016-09-25 22:54:59 UTC
Arches and Maintainer(s), Thank you for your work.
Added to an existing GLSA Request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-09-26 00:37:11 UTC
This issue was resolved and addressed in
 GLSA 201609-01 at
by GLSA coordinator Yury German (BlueKnight).