Integer Overflow in VGA Module of QEMU
CVE-2016-3712

5.5MEDIUM

Key Information:

Vendor
Oracle
Status
Vendor
CVE Published:
11 May 2016

Summary

The VGA module in QEMU is susceptible to an integer overflow issue, which allows local users operating within a guest OS to manipulate VGA registers in VBE mode. This manipulation can trigger an out-of-bounds read, potentially leading to a denial of service through the crash of the QEMU process. This vulnerability emphasizes the importance of securing the virtualization environment to protect against unauthorized access and system interruptions.

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.