CVE-2016-3712

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Vm Server
Vendor: CVE Published:; 11 May 2016

Summary

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

References

http://xenbits.xen.org/xsa/advisory-179.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2017-0621.html

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2016
Vulnerability Reserved
Mar 30, 2016