Описание
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
Quick Emulator(Qemu) built with the VMware-SVGA "chipset" emulation support is vulnerable to an information disclosure issue. It could occur while processing VGA commands via its FIFO buffer. A privileged user inside guest could use this flaw to leak host memory bytes or crash the Qemu process resulting in DoS.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Will not fix | ||
| Red Hat Enterprise Linux 5 | xen | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Will not fix | ||
| Red Hat Enterprise Linux 6 | qemu-kvm-rhev | Will not fix | ||
| Red Hat Enterprise Linux 7 | qemu-kvm | Will not fix | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | qemu-kvm-rhev | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | qemu-kvm-rhev | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.8 Low
CVSS2
Связанные уязвимости
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU a ...
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
EPSS
3.8 Low
CVSS2