CVE-2016-7170Improper Validation of Array Index in Qemu

CWE-129Improper Validation of Array IndexCWE-121Stack-based Buffer Overflow11 documents7 sources
Severity
4.4MEDIUMNVD
OSV5.5
EPSS
0.1%
top 77.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
QemuDebian QemuDebian Linux+1 more
Timeline
PublishedDec 10
Latest updateMay 13

Description

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/qemu< qemu 1:2.8+dfsg-1 (bookworm)
Debianqemu/qemu< 1:2.8+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.30+1
NVDqemu/qemu2.7.1
NVDopensuse/leap42.2

Also affects: Debian Linux 8.0

Patches

Patch: lists.gnu.orgPatch: lists.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-g884-2vqj-jrfw: The vmsvga_fifo_run function in hw/display/vmware_vga2022-05-13
OSV
CVE-2016-7170: The vmsvga_fifo_run function in hw/display/vmware_vga2016-12-10
OSV
qemu, qemu-kvm vulnerabilities2016-11-09

📋Vendor Advisories

4
Red Hat
ntp: Ephemeral association time spoofing additional protection2018-02-27
Ubuntu
QEMU vulnerabilities2016-11-09
Red Hat
Qemu: vmware_vga: OOB stack memory access when processing svga command2016-09-08
Debian
CVE-2016-7170: qemu - The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emula...2016

💬Community

3
Bugzilla
CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection2018-02-28
Bugzilla
CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command2016-09-09
Bugzilla
CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command [fedora-all]2016-09-09