Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-10028

Опубликовано: 11 дек. 2016
Источник: redhat
CVSS3: 5.4
CVSS2: 3.8
EPSS Низкий

Описание

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 11 (Ocata)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1406367Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities

EPSS

Процентиль: 25%
0.00087
Низкий

5.4 Medium

CVSS3

3.8 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-10028

CVSS3: 5.5
ubuntu
почти 9 лет назад

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

nvd логотип

CVE-2016-10028

CVSS3: 5.5
nvd
почти 9 лет назад

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

debian логотип

CVE-2016-10028

CVSS3: 5.5
debian
почти 9 лет назад

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEM ...

github логотип

GHSA-gx43-92cv-f7jq

CVSS3: 5.5
github
больше 3 лет назад

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

fstec логотип

BDU:2021-03332

CVSS3: 5.5
fstec
около 9 лет назад

Уязвимость функции virgl_cmd_get_capset компонента hw/display/virtio-gpu-3d.c эмулятора аппаратного обеспечения QEMU, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%
0.00087
Низкий

5.4 Medium

CVSS3

3.8 Low

CVSS2