ID CVE-2016-7170
Summary The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 01-12-2018 - 11:29)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector  Complexity  Authentication
LOCAL   LOW         NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 92904
confirm http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
mlist
  • [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
  • [oss-security] 20160909 CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command
  • [oss-security] 20160909 Re: CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command
  • [qemu-devel] 20160908 [PATCH] vmsvga: correct bitmap and pixmap size checks
suse openSUSE-SU-2016:3237
Last major update 01-12-2018 - 11:29
Published 10-12-2016 - 00:59