ID CVE-2016-9921
Summary Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 07-09-2018 - 10:29)
Impact:
Exploitability:
CWE CWE-369
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2017:2392
  • rhsa
    id RHSA-2017:2408
refmap via4
bid 94803
gentoo GLSA-201701-49
mlist
  • [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
  • [oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
Last major update 07-09-2018 - 10:29
Published 23-12-2016 - 22:59