Integer Overflow in VGA Module of QEMU
CVE-2016-3712
5.5MEDIUM
Summary
The VGA module in QEMU is susceptible to an integer overflow issue, which allows local users operating within a guest OS to manipulate VGA registers in VBE mode. This manipulation can trigger an out-of-bounds read, potentially leading to a denial of service through the crash of the QEMU process. This vulnerability emphasizes the importance of securing the virtualization environment to protect against unauthorized access and system interruptions.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved