Integer Overflow in VGA Module of QEMU
CVE-2016-3712

5.5MEDIUM

Key Information:

Vendor

Oracle
Status
Vm Server
Vendor
CVE Published:
11 May 2016

What is CVE-2016-3712?

The VGA module in QEMU is susceptible to an integer overflow issue, which allows local users operating within a guest OS to manipulate VGA registers in VBE mode. This manipulation can trigger an out-of-bounds read, potentially leading to a denial of service through the crash of the QEMU process. This vulnerability emphasizes the importance of securing the virtualization environment to protect against unauthorized access and system interruptions.

References

http://xenbits.xen.org/xsa/advisory-179.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0621.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-3712 : Integer Overflow in VGA Module of QEMU