CVE-2016-10028 : The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Qui

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

Published 2017-02-27 22:59:00

Updated 2023-02-12 23:16:15

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-10028

Qemu » Qemu
Versions up to, including, (<=) 2.8.1.1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-10028

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-10028

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-10028

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-10028

http://www.securityfocus.com/bid/94981

QEMU 'virtio-gpu-3d.c' Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html

[Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities ma
Patch;Vendor Advisory
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31

QEMU · GitLab
http://www.openwall.com/lists/oss-security/2016/12/20/1

oss-security - CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities
Mailing List;Patch;Third Party Advisory
https://security.gentoo.org/glsa/201701-49

QEMU: Multiple vulnerabilities (GLSA 201701-49) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/12/22/14

oss-security - Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities
Mailing List;Patch;Third Party Advisory
http://www.securitytracker.com/id/1037525

QEMU Memory Access Error in VIRTIO_GPU_CMD_GET_CAPSET Command Lets Local Users on a Guest System Cause Denial of Service Conditions on the Host System - SecurityTracker
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2016-10028

Products affected by CVE-2016-10028

Exploit prediction scoring system (EPSS) score for CVE-2016-10028

CVSS scores for CVE-2016-10028

CWE ids for CVE-2016-10028

References for CVE-2016-10028