CVE-2016-3712
Severity
5.5MEDIUM
EPSS
0.1%
top 66.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 11
Latest updateMay 13
Description
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages8 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 7.3, 7.4, 7.6, 7.7, 7.5
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-mfxc-vrvj-33xx: Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by edi↗2022-05-13
CVEList▶
CVE-2016-3712: Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by edi↗2016-05-11
OSV▶
CVE-2016-3712: Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by edi↗2016-05-11