Out-of-bounds Write and Code Execution Vulnerability in QEMU's ESP/NCR53C9x Controller Emulation

CVE-2016-6351 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into the ESP command buffer.

The ESP command buffer is a small fixed-size array inside the emulated device state (16 bytes in QEMU's ESPState), while the length of a DMA transfer is derived from transfer counts the guest programs into the controller's registers. When the controller is staging a SCSI command, esp_do_dma passes that guest-chosen length to the DMA read callback with the command buffer, at the current command offset, as the destination, without checking that the bytes fit in the remaining room. A privileged guest can therefore write past the end of the buffer into the adjacent fields of the device state and, from there, corrupt memory of the QEMU process on the host. The upstream fix bounds the transfer length against the free space in the command buffer before the copy is made. The CVSS vector above reflects that the attacker must already be an administrator inside the guest (PR:H); the impact is nonetheless a guest-to-host compromise for any host exposing an affected ESP device to its guests, so updating QEMU (or not building the ESP/NCR53C9x device into it) is the mitigation.
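The bug class, as an added example constructed for this page rather than QEMU's own code: a model device state with a 16-byte command buffer (the size mirrors TI_BUFSZ in hw/scsi/esp.c; the struct layout, the `following` spill area, and every function name here are assumptions of the model), a DMA copy that trusts the guest-supplied length the way the vulnerable esp_do_dma did, and the checked form that rejects any transfer that does not fit.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not QEMU's ESPState: only the 16-byte command buffer size
 * is taken from hw/scsi/esp.c; the other fields exist to make the overflow visible. */
#define TI_BUFSZ 16

typedef struct {
    uint8_t cmdbuf[TI_BUFSZ];
    uint8_t following[8];   /* stands in for whatever follows cmdbuf in the real state */
    uint32_t cmdlen;        /* bytes of the SCSI command already staged in cmdbuf */
} ESPStateModel;

/* Stand-in for the board's DMA read callback: copies len bytes of guest memory into dst. */
static void dma_memory_read(uint8_t *dst, const uint8_t *guest_mem, size_t len)
{
    memcpy(dst, guest_mem, len);
}

/* Vulnerable shape: len comes from the guest-programmed transfer count and cmdlen
 * from earlier command bytes; neither is compared against TI_BUFSZ before the copy.
 * The destination is computed as a byte offset into the whole struct so the spill
 * into the neighbouring field is observable without leaving the object. */
static void do_dma_cmd_unchecked(ESPStateModel *s, const uint8_t *guest_mem, size_t len)
{
    uint8_t *dst = (uint8_t *)s + offsetof(ESPStateModel, cmdbuf) + s->cmdlen;
    dma_memory_read(dst, guest_mem, len);
    s->cmdlen += (uint32_t)len;
}

/* Hardened shape: refuse any transfer that would not fit in the remaining room.
 * Returns 0 on success, -1 when the request was rejected and nothing was written. */
static int do_dma_cmd_checked(ESPStateModel *s, const uint8_t *guest_mem, size_t len)
{
    if (s->cmdlen > TI_BUFSZ || len > TI_BUFSZ - s->cmdlen) {
        return -1;
    }
    dma_memory_read(&s->cmdbuf[s->cmdlen], guest_mem, len);
    s->cmdlen += (uint32_t)len;
    return 0;
}

/* Drives one version with a guest-chosen cmdlen/len pair and returns how many bytes
 * landed past the end of cmdbuf (0 means the buffer held). Requests larger than the
 * model's spill area return (size_t)-1 so the model itself never writes out of bounds. */
static size_t bytes_written_past_cmdbuf(int hardened, uint32_t cmdlen, size_t len)
{
    ESPStateModel s;
    uint8_t guest_mem[64];                      /* constructed guest payload: 'A' bytes */

    if ((size_t)cmdlen + len > sizeof s.cmdbuf + sizeof s.following || len > sizeof guest_mem) {
        return (size_t)-1;
    }
    memset(&s, 0, sizeof s);
    memset(guest_mem, 0x41, sizeof guest_mem);
    s.cmdlen = cmdlen;

    if (hardened) {
        do_dma_cmd_checked(&s, guest_mem, len);
    } else {
        do_dma_cmd_unchecked(&s, guest_mem, len);
    }

    size_t spilled = 0;
    for (size_t i = 0; i < sizeof s.following; i++) {
        if (s.following[i] != 0) {
            spilled++;
        }
    }
    return spilled;
}
```

The checked version tests the remaining room (`TI_BUFSZ - cmdlen`) rather than `cmdlen + len`, so the comparison cannot wrap when the guest supplies a very large count; that is the same shape of check that closes this CVE.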
