CVE-2016-3712

Impact:
Moderate
Public Date:
2016-05-09
CWE:
CWE-125
Bugzilla:
1318712: CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface
An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance.

Find out more about CVE-2016-3712 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 3.8
Base Metrics AV:A/AC:M/Au:S/C:P/I:N/A:P
Access Vector Adjacent Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (qemu-kvm) RHSA-2016:2585 2016-11-03
Red Hat Enterprise Linux 6 (qemu-kvm) RHSA-2017:0621 2017-03-21
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Acknowledgements

Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting this issue.
Last Modified