ID CVE-2016-3712
Summary Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
References
Vulnerable Configurations
  • cpe:2.3:o:oracle:vm_server:3.3
    cpe:2.3:o:oracle:vm_server:3.3
  • cpe:2.3:o:oracle:vm_server:3.4
    cpe:2.3:o:oracle:vm_server:3.4
  • QEMU
    cpe:2.3:a:qemu:qemu
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 2.1 (as of 09-09-2016 - 22:14)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
redhat via4
advisories
  • bugzilla
    id 1376542
    title RHSA-2016-1756 breaks migration of instances
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment qemu-img is earlier than 10:1.5.3-126.el7
          oval oval:com.redhat.rhsa:tst:20162585005
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 10:1.5.3-126.el7
          oval oval:com.redhat.rhsa:tst:20162585009
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-common is earlier than 10:1.5.3-126.el7
          oval oval:com.redhat.rhsa:tst:20162585007
        • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704018
      • AND
        • comment qemu-kvm-tools is earlier than 10:1.5.3-126.el7
          oval oval:com.redhat.rhsa:tst:20162585011
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2016:2585
    released 2016-11-03
    severity Moderate
    title RHSA-2016:2585: qemu-kvm security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1392520
    title [RHEL6.9] KVM guest shuts itself down after 128th reboot
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.503.el6
          oval oval:com.redhat.rhsa:tst:20170621005
        • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121234008
      • AND
        • comment qemu-img is earlier than 2:0.12.1.2-2.503.el6
          oval oval:com.redhat.rhsa:tst:20170621007
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 2:0.12.1.2-2.503.el6
          oval oval:com.redhat.rhsa:tst:20170621009
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.503.el6
          oval oval:com.redhat.rhsa:tst:20170621011
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2017:0621
    released 2017-03-21
    severity Moderate
    title RHSA-2017:0621: qemu-kvm security and bug fix update (Moderate)
rpms
  • qemu-img-10:1.5.3-126.el7
  • qemu-kvm-10:1.5.3-126.el7
  • qemu-kvm-common-10:1.5.3-126.el7
  • qemu-kvm-tools-10:1.5.3-126.el7
  • qemu-guest-agent-2:0.12.1.2-2.503.el6
  • qemu-img-2:0.12.1.2-2.503.el6
  • qemu-kvm-2:0.12.1.2-2.503.el6
  • qemu-kvm-tools-2:0.12.1.2-2.503.el6
refmap via4
bid 90314
confirm
debian DSA-3573
mlist
  • [Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
  • [oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues
sectrack 1035794
ubuntu USN-2974-1
Last major update 30-11-2016 - 22:10
Published 11-05-2016 - 17:59
Back to Top