Описание
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:2.6.1+dfsg-0ubuntu9 |
| esm-infra-legacy/trusty | released | 2.0.0+dfsg-2ubuntu1.30 |
| esm-infra/xenial | released | 1:2.5+dfsg-5ubuntu10.6 |
| precise | DNE | |
| trusty | released | 2.0.0+dfsg-2ubuntu1.30 |
| trusty/esm | released | 2.0.0+dfsg-2ubuntu1.30 |
| upstream | needed | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1:2.5+dfsg-5ubuntu10.6 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | released | 1.0+noroms-0ubuntu14.31 |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needed | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| yakkety | DNE |
Показывать по
EPSS
2.1 Low
CVSS2
4.4 Medium
CVSS3
Связанные уязвимости
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Q ...
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
EPSS
2.1 Low
CVSS2
4.4 Medium
CVSS3