Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7170

Опубликовано: 08 сент. 2016
Источник: redhat
CVSS3: 3.5
CVSS2: 3.8

Описание

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

Quick Emulator (QEMU) built with the VMware-SVGA chipset emulation support is vulnerable to an OOB stack memory write issue. It could occur while processing VGA commands in 'vmsvga_fifo_run' routine. A privileged user inside guest could use this flaw to crash the QEMU process resulting in DoS.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmWill not fix
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 8 (Liberty)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 9 (Mitaka)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1374702Qemu: vmware_vga: OOB stack memory access when processing svga command

3.5 Low

CVSS3

3.8 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7170

CVSS3: 4.4
ubuntu
около 9 лет назад

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

nvd логотип

CVE-2016-7170

CVSS3: 4.4
nvd
около 9 лет назад

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

debian логотип

CVE-2016-7170

CVSS3: 4.4
debian
около 9 лет назад

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Q ...

github логотип

GHSA-g884-2vqj-jrfw

CVSS3: 4.4
github
больше 3 лет назад

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

suse-cvrf логотип

SUSE-SU-2016:2902-1

suse-cvrf
около 9 лет назад

Security update for kvm

3.5 Low

CVSS3

3.8 Low

CVSS2