PT-2016-3003 · Qemu+3 · Qemu+3
Published
2016-12-23
·
Updated
2020-12-14
·
CVE-2016-9912
CVSS v3.1
6.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Qemu (affected versions not specified)
Description
The issue is related to a memory leakage problem in Qemu when built with Virtio GPU Device emulator support. It occurs while destroying the gpu resource object in
virtio gpu resource destroy. A guest user or process could exploit this flaw to leak host memory bytes, potentially resulting in a denial of service (DoS) for the host. The exploitation of this issue may also allow a local attacker to compromise the confidentiality, integrity, and availability of data.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Resource Exhaustion
Missing Release of Resource after Effective Lifetime
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Qemu
Suse
Ubuntu