CVE-2016-9603

critical

Description

A heap buffer overflow flaw was found in the VNC display driver support of QEMU's Cirrus CLGD 54xx VGA emulator in versions before 2.9. The issue could occur when a VNC client attempted to update its display after a guest performed a VGA operation. A privileged user or process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with the privileges of the QEMU process.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603

https://support.citrix.com/article/CTX221578

https://security.gentoo.org/glsa/201706-03

https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html

https://access.redhat.com/errata/RHSA-2017:1441

https://access.redhat.com/errata/RHSA-2017:1206

https://access.redhat.com/errata/RHSA-2017:1205

https://access.redhat.com/errata/RHSA-2017:0988

https://access.redhat.com/errata/RHSA-2017:0987

https://access.redhat.com/errata/RHSA-2017:0985

https://access.redhat.com/errata/RHSA-2017:0984

https://access.redhat.com/errata/RHSA-2017:0983

https://access.redhat.com/errata/RHSA-2017:0982

https://access.redhat.com/errata/RHSA-2017:0981

https://access.redhat.com/errata/RHSA-2017:0980

http://www.securitytracker.com/id/1038023

http://www.securityfocus.com/bid/96893

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Details

Source: MITRE

Published: 2018-07-27

Updated: 2021-08-04

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

CVSS v3

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 3.1

Severity: CRITICAL

Tenable Plugins

ID | Name | Product | Family | Severity
140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical
127343 | NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0108) | Nessus | NewStart CGSL Local Security Checks | critical
117351 | Debian DLA-1497-1 : qemu security update (Spectre) | Nessus | Debian Local Security Checks | critical
111992 | OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical
111023 | OracleVM 3.4 : qemu-kvm (OVMSA-2018-0238) (Spectre) | Nessus | OracleVM Local Security Checks | critical
106633 | Debian DLA-1270-1 : xen security update | Nessus | Debian Local Security Checks | critical
104780 | SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1) | Nessus | SuSE Local Security Checks | critical
104495 | SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2969-1) | Nessus | SuSE Local Security Checks | critical
104494 | SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1) | Nessus | SuSE Local Security Checks | critical
104471 | SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1) | Nessus | SuSE Local Security Checks | critical
103830 | OracleVM 3.4 : xen (OVMSA-2017-0153) | Nessus | OracleVM Local Security Checks | critical
103158 | openSUSE Security Update : xen (openSUSE-2017-1022) | Nessus | SuSE Local Security Checks | critical
102952 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2326-1) | Nessus | SuSE Local Security Checks | critical
102835 | OracleVM 3.4 : xen (OVMSA-2017-0142) | Nessus | OracleVM Local Security Checks | critical
102008 | Fedora 25 : 2:qemu (2017-f941184db1) | Nessus | Fedora Local Security Checks | critical
101909 | Debian DLA-1035-1 : qemu security update | Nessus | Debian Local Security Checks | critical
101758 | openSUSE Security Update : qemu (openSUSE-2017-822) | Nessus | SuSE Local Security Checks | critical
101463 | Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-1206) | Nessus | Virtuozzo Local Security Checks | critical
101452 | Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-0987) | Nessus | Virtuozzo Local Security Checks | critical
101227 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1774-1) | Nessus | SuSE Local Security Checks | critical
100630 | GLSA-201706-03 : QEMU: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
100142 | RHEL 6 : qemu-kvm-rhev (RHSA-2017:1205) | Nessus | Red Hat Local Security Checks | critical
100133 | Debian DLA-939-1 : qemu-kvm security update | Nessus | Debian Local Security Checks | critical
100115 | OracleVM 3.4 : qemu-kvm (OVMSA-2017-0101) | Nessus | OracleVM Local Security Checks | critical
100097 | Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20170509) | Nessus | Scientific Linux Local Security Checks | critical
100092 | RHEL 6 : qemu-kvm (RHSA-2017:1206) | Nessus | Red Hat Local Security Checks | critical
100088 | Oracle Linux 6 : qemu-kvm (ELSA-2017-1206) | Nessus | Oracle Linux Local Security Checks | critical
100086 | openSUSE Security Update : xen (openSUSE-2017-563) | Nessus | SuSE Local Security Checks | critical
100068 | CentOS 6 : qemu-kvm (CESA-2017:1206) | Nessus | CentOS Local Security Checks | critical
99977 | OracleVM 3.2 : xen (OVMSA-2017-0096) | Nessus | OracleVM Local Security Checks | critical
99976 | OracleVM 3.3 : xen (OVMSA-2017-0095) | Nessus | OracleVM Local Security Checks | critical
99962 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1147-1) | Nessus | SuSE Local Security Checks | critical
99961 | SUSE SLES11 Security Update : xen (SUSE-SU-2017:1146-1) | Nessus | SuSE Local Security Checks | critical
99960 | SUSE SLES11 Security Update : xen (SUSE-SU-2017:1145-1) | Nessus | SuSE Local Security Checks | critical
99959 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1143-1) | Nessus | SuSE Local Security Checks | critical
99946 | EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1080) | Nessus | Huawei Local Security Checks | critical
99945 | EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1079) | Nessus | Huawei Local Security Checks | critical
99686 | Ubuntu 17.04 : qemu vulnerabilities (USN-3268-1) | Nessus | Ubuntu Local Security Checks | critical
99581 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : qemu vulnerabilities (USN-3261-1) | Nessus | Ubuntu Local Security Checks | critical
99580 | SUSE SLES11 Security Update : xen (SUSE-SU-2017:1081-1) | Nessus | SuSE Local Security Checks | critical
99579 | SUSE SLES12 Security Update : xen (SUSE-SU-2017:1080-1) | Nessus | SuSE Local Security Checks | critical
99501 | RHEL 7 : qemu-kvm-rhev (RHSA-2017:0985) | Nessus | Red Hat Local Security Checks | critical
99482 | CentOS 7 : qemu-kvm (CESA-2017:0987) | Nessus | CentOS Local Security Checks | critical
99456 | Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170418) | Nessus | Scientific Linux Local Security Checks | critical
99454 | RHEL 7 : qemu-kvm (RHSA-2017:0987) | Nessus | Red Hat Local Security Checks | critical
99452 | Oracle Linux 7 : qemu-kvm (ELSA-2017-0987) | Nessus | Oracle Linux Local Security Checks | critical
97948 | Citrix XenServer QEMU Display Geometry Resize Handling Guest-to-Host Code Execution (CTX221578) | Nessus | Misc. | critical
97904 | FreeBSD : xen-tools -- Cirrus VGA Heap overflow via display refresh (af19ecd0-0f6a-11e7-970f-002590263bf5) | Nessus | FreeBSD Local Security Checks | critical
97840 | Fedora 25 : xen (2017-3d16d348eb) | Nessus | Fedora Local Security Checks | critical