What is CVE-2016-5126?

CVE-2016-5126 is a high-severity vulnerability in Oracle Linux, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2016-06-01.

How severe is CVE-2016-5126?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Oracle Linux

CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (42.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Oracle Linux — versions 7
Qemu
Canonical Ubuntu_linux — versions 12.04, 14.04, 16.04
Debian Debian_linux — versions 8.0
Redhat Enterprise_linux — versions 7.0
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_eus — versions 7.2, 7.3, 7.4
Redhat Enterprise_linux_server — versions 7.0
Redhat Enterprise_linux_server_aus — versions 7.2, 7.3, 7.4
Redhat Enterprise_linux_server_tus — versions 7.2, 7.3, 7.6

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

RHSA-2016:1756 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
USN-3047-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
RHSA-2016:1655 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
[oss-security] 20160530 CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
RHSA-2016:1763 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
90948 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
RHSA-2016:1653 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2016:1607 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2016-5126?: CVE-2016-5126 is a high-severity vulnerability in Oracle Linux, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2016-06-01.
How severe is CVE-2016-5126?: High severity. CVSS v3 base score is 7.8 out of 10.