CVE-2016-3712

LOW

Description

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

References

http://rhn.redhat.com/errata/RHSA-2016-2585.html

http://rhn.redhat.com/errata/RHSA-2017-0621.html

http://support.citrix.com/article/CTX212736

http://www.debian.org/security/2016/dsa-3573

http://www.openwall.com/lists/oss-security/2016/05/09/4

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/90314

http://www.securitytracker.com/id/1035794

http://www.ubuntu.com/usn/USN-2974-1

http://xenbits.xen.org/xsa/advisory-179.html

https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html

Details

Source: MITRE

Published: 2016-05-11

Updated: 2018-01-05

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
111992	OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
99828	EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2016-1066)	Nessus	Huawei Local Security Checks	low
99222	Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	low
99082	OracleVM 3.4 : qemu-kvm (OVMSA-2017-0055)	Nessus	OracleVM Local Security Checks	high
99064	Oracle Linux 6 : qemu-kvm (ELSA-2017-0621)	Nessus	Oracle Linux Local Security Checks	low
97952	CentOS 6 : qemu-kvm (CESA-2017:0621)	Nessus	CentOS Local Security Checks	low
97875	RHEL 6 : qemu-kvm (RHSA-2017:0621)	Nessus	Red Hat Local Security Checks	low
95858	Scientific Linux Security Update : qemu-kvm on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	low
95331	CentOS 7 : qemu-kvm (CESA-2016:2585)	Nessus	CentOS Local Security Checks	low
94706	Oracle Linux 7 : qemu-kvm (ELSA-2016-2585)	Nessus	Oracle Linux Local Security Checks	low
94608	SUSE SLES11 Security Update : xen (SUSE-SU-2016:2725-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94548	RHEL 7 : qemu-kvm (RHSA-2016:2585)	Nessus	Red Hat Local Security Checks	low
94269	SUSE SLES12 Security Update : xen (SUSE-SU-2016:2533-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94000	openSUSE Security Update : xen (openSUSE-2016-1170) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93999	openSUSE Security Update : xen (openSUSE-2016-1169) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93180	SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)	Nessus	SuSE Local Security Checks	critical
93170	SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1703-1)	Nessus	SuSE Local Security Checks	high
93169	SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)	Nessus	SuSE Local Security Checks	critical
92854	OracleVM 3.4 : qemu-kvm (OVMSA-2016-0096)	Nessus	OracleVM Local Security Checks	medium
92635	Debian DLA-571-1 : xen security update (Bunker Buster)	Nessus	Debian Local Security Checks	high
92601	OracleVM 3.3 : xen (OVMSA-2016-0089)	Nessus	OracleVM Local Security Checks	high
92201	Fedora 23 : 2:qemu (2016-f2b1f07256)	Nessus	Fedora Local Security Checks	high
92198	Fedora 23 : xen (2016-f1c21e3c3c)	Nessus	Fedora Local Security Checks	high
92135	Fedora 22 : 2:qemu (2016-a3298e39f7)	Nessus	Fedora Local Security Checks	high
92134	Fedora 24 : xen (2016-a21b2cb7a0)	Nessus	Fedora Local Security Checks	high
92127	Fedora 22 : xen (2016-8fd9019541)	Nessus	Fedora Local Security Checks	high
91980	openSUSE Security Update : qemu (openSUSE-2016-839)	Nessus	SuSE Local Security Checks	high
91938	FreeBSD : xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks (e6ce6f50-4212-11e6-942d-bc5ff45d0f28)	Nessus	FreeBSD Local Security Checks	high
91920	Debian DLA-540-1 : qemu security update	Nessus	Debian Local Security Checks	high
91919	Debian DLA-539-1 : qemu-kvm security update	Nessus	Debian Local Security Checks	high
91756	OracleVM 3.2 : xen (OVMSA-2016-0081)	Nessus	OracleVM Local Security Checks	high
91660	SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1)	Nessus	SuSE Local Security Checks	high
91352	Citrix XenServer Multiple Vulnerabilities (CTX212736)	Nessus	Misc.	critical
91122	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : qemu, qemu-kvm vulnerabilities (USN-2974-1)	Nessus	Ubuntu Local Security Checks	high
91025	Debian DSA-3573-1 : qemu - security update	Nessus	Debian Local Security Checks	high