Published: 29/12/2016 Updated: 10/11/2020

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
qemu qemu 2.8.0

Debian Bug report logs - #847382 qemu: CVE-2016-9846: display: virtio-gpu: memory leakage while updating cursor Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Dec 2016 18:30:04 UTC Severity: i ...

Several security issues were fixed in QEMU ...

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue It could occur while updating the cursor data in update_cursor_data_virgl A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host ...

CWE-119 https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html http://www.openwall.com/lists/oss-security/2016/12/05/23 http://www.openwall.com/lists/oss-security/2016/12/05/18 http://www.securityfocus.com/bid/94765 https://security.gentoo.org/glsa/201701-49 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847382 https://usn.ubuntu.com/3261-1/https://nvd.nist.gov

CVE-2016-9846

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect