Bugzilla – Bug 1043312
VUL-1: CVE-2017-9503: xen: scsi: megasas: null pointer dereference while processing megasas command
Last modified: 2017-06-20 17:21:55 UTC
+++ This bug was initially created as a clone of Bug #1043296 +++
Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
emulation support is vulnerable to a null pointer dereference issue. It
could occur while processing megasas commands via megasas_command_complete().
A privileged user inside guest could use this flaw to crash the Qemu process
on the host resulting in DoS.
didn't see 1043297, sorry
*** This bug has been marked as a duplicate of bug 1043297 ***