PT-2016-7791 · Qemu+5 · Qemu+5
Prasad Pandit
·
Publicado
2016-12-31
·
Atualizado
2021-08-04
·
CVE-2016-9603
CVSS v3.1
9.9
Crítica
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QEMU versions prior to 2.9
Description
A heap buffer overflow issue was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support. The issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. This could allow a privileged user/process inside a guest to crash the QEMU process or potentially execute arbitrary code on the host with privileges of the QEMU process.
Recommendations
For QEMU versions prior to 2.9, update to version 2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the VNC display driver support until a patch is available. Avoid using the VNC client to update its display after a VGA operation is performed by a guest until the issue is resolved.
Exploit
Correção
Buffer Overflow
Heap Based Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Qemu
Red Hat
Suse
Ubuntu