CVE-2016-9921

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.

References

http://www.securityfocus.com/bid/94803

http://www.openwall.com/lists/oss-security/2016/12/09/1

https://security.gentoo.org/glsa/201701-49

https://access.redhat.com/errata/RHSA-2017:2408

https://access.redhat.com/errata/RHSA-2017:2392

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Details

Source: MITRE

Published: 2016-12-23

Updated: 2021-08-04

Type: CWE-369

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
117351Debian DLA-1497-1 : qemu security update (Spectre)NessusDebian Local Security Checks
critical
104780SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1)NessusSuSE Local Security Checks
critical
102158RHEL 7 : qemu-kvm-rhev (RHSA-2017:2392)NessusRed Hat Local Security Checks
high
100232openSUSE Security Update : qemu (openSUSE-2017-589)NessusSuSE Local Security Checks
critical
100149SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1241-1)NessusSuSE Local Security Checks
critical
99758SUSE SLES11 Security Update : kvm (SUSE-SU-2017:1135-1)NessusSuSE Local Security Checks
critical
99581Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : qemu vulnerabilities (USN-3261-1)NessusUbuntu Local Security Checks
critical
97828SUSE SLES11 Security Update : xen (SUSE-SU-2017:0718-1)NessusSuSE Local Security Checks
critical
97791openSUSE Security Update : qemu (openSUSE-2017-349)NessusSuSE Local Security Checks
critical
97712openSUSE Security Update : xen (openSUSE-2017-329)NessusSuSE Local Security Checks
critical
97696SUSE SLES12 Security Update : qemu (SUSE-SU-2017:0661-1)NessusSuSE Local Security Checks
critical
97657SUSE SLES11 Security Update : xen (SUSE-SU-2017:0647-1)NessusSuSE Local Security Checks
critical
97599SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0625-1)NessusSuSE Local Security Checks
critical
97467SUSE SLES12 Security Update : xen (SUSE-SU-2017:0582-1)NessusSuSE Local Security Checks
critical
97433SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0571-1)NessusSuSE Local Security Checks
critical
97432SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0570-1)NessusSuSE Local Security Checks
critical
96782Fedora 24 : 2:qemu (2017-12394e2cc7)NessusFedora Local Security Checks
high
96684GLSA-201701-49 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
96677Fedora 25 : 2:qemu (2017-b953d4d3a4)NessusFedora Local Security Checks
high
96623openSUSE Security Update : qemu (openSUSE-2017-116)NessusSuSE Local Security Checks
high
96529SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0127-1)NessusSuSE Local Security Checks
high
96113Fedora 24 : xen (2016-bcbae0781f)NessusFedora Local Security Checks
high
96100Debian DLA-765-1 : qemu-kvm security updateNessusDebian Local Security Checks
medium
96099Debian DLA-764-1 : qemu security updateNessusDebian Local Security Checks
medium
96025Fedora 23 : xen (2016-cc2916dcf4)NessusFedora Local Security Checks
high
95945Fedora 25 : xen (2016-1b868c23a9)NessusFedora Local Security Checks
medium