Skip to main content

Use of Uninitialized Resource

CVE-2016-5105

Severity Medium
Score 4.4/10

Summary

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • HIGH
  • HIGH
  • NONE

CWE-908 - Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

References

Advisory Timeline

  • Published