CVE-2016-4454

LOW

Description

The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.

References

http://www.openwall.com/lists/oss-security/2016/05/30/3

http://www.securityfocus.com/bid/90927

http://www.ubuntu.com/usn/USN-3047-1

http://www.ubuntu.com/usn/USN-3047-2

https://bugzilla.redhat.com/show_bug.cgi?id=1336429

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html

https://security.gentoo.org/glsa/201609-01

Details

Source: MITRE

Published: 2016-06-01

Updated: 2020-05-14

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 6

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 0.8

Severity: MEDIUM

Tenable Plugins

View all (21 total)

ID	Name	Product	Family	Severity
135559	EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)	Nessus	Huawei Local Security Checks	critical
131585	EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2019-2431)	Nessus	Huawei Local Security Checks	critical
119310	Debian DLA-1599-1 : qemu security update	Nessus	Debian Local Security Checks	critical
94758	SUSE SLES12 Security Update : qemu (SUSE-SU-2016:2781-1)	Nessus	SuSE Local Security Checks	medium
94608	SUSE SLES11 Security Update : xen (SUSE-SU-2016:2725-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94309	openSUSE Security Update : qemu (openSUSE-2016-1234)	Nessus	SuSE Local Security Checks	medium
94283	SUSE SLES11 Security Update : kvm (SUSE-SU-2016:2628-1)	Nessus	SuSE Local Security Checks	medium
94277	SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:2589-1)	Nessus	SuSE Local Security Checks	medium
94269	SUSE SLES12 Security Update : xen (SUSE-SU-2016:2533-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
94000	openSUSE Security Update : xen (openSUSE-2016-1170) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93999	openSUSE Security Update : xen (openSUSE-2016-1169) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93697	GLSA-201609-01 : QEMU: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
93298	SUSE SLES11 Security Update : xen (SUSE-SU-2016:2100-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
93296	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:2093-1) (Bunker Buster)	Nessus	SuSE Local Security Checks	high
92966	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : qemu, qemu-kvm regression (USN-3047-2)	Nessus	Ubuntu Local Security Checks	high
92751	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : qemu, qemu-kvm vulnerabilities (USN-3047-1)	Nessus	Ubuntu Local Security Checks	high
92299	Fedora 22 : 2:qemu (2016-ea3002b577)	Nessus	Fedora Local Security Checks	medium
92277	Fedora 24 : 2:qemu (2016-a80eab65ba)	Nessus	Fedora Local Security Checks	medium
92255	Fedora 23 : 2:qemu (2016-73853a7a16)	Nessus	Fedora Local Security Checks	medium
92081	Fedora 24 : xen (2016-389be30b95)	Nessus	Fedora Local Security Checks	medium
92059	Fedora 23 : xen (2016-103752d2a9)	Nessus	Fedora Local Security Checks	medium

CVE-2016-4454

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins