CVE-2016-9846 : QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is v

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.

Published 2016-12-29 22:59:01

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-9846

Qemu » Qemu
Versions up to, including, (<=) 2.7.1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Matching versions
Qemu » Qemu » Version: 2.8.0 Update RC0
cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*
Matching versions
Qemu » Qemu » Version: 2.8.0 Update RC1
cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*
Matching versions
Qemu » Qemu » Version: 2.8.0 Update RC2
cpe:2.3:a:qemu:qemu:2.8.0:rc2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-9846

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-9846

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H	2.0	4.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-9846

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-9846

http://www.securityfocus.com/bid/94765

QEMU '/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c' Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html

[Qemu-devel] [PATCH] virtio-gpu: fix memory leak in update_cursor_data_v
Patch;Vendor Advisory
https://security.gentoo.org/glsa/201701-49

QEMU: Multiple vulnerabilities (GLSA 201701-49) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/12/05/18

oss-security - CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/05/23

oss-security - Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor
Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2016-9846

Products affected by CVE-2016-9846

Exploit prediction scoring system (EPSS) score for CVE-2016-9846

CVSS scores for CVE-2016-9846

CWE ids for CVE-2016-9846

References for CVE-2016-9846