CVE-2016-9846 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-244 — Heap Inspection10 documents7 sources

Severity

6.5MEDIUMNVD

OSV5.5

EPSS

0.1%

top 75.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedDec 29

Latest updateMay 13

Description

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:2.8+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:2.8+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.33+1

▶NVDqemu/qemu2.7.1+1

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-gwq3-r3rx-h2mh: QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue↗2022-05-13

▶

OSV

qemu vulnerabilities↗2017-04-20

▶

OSV

CVE-2016-9846: QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue↗2016-12-29

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2017-04-20

▶

Red Hat

Qemu: display: virtio-gpu: memory leakage while updating cursor data↗2016-11-01

▶

Debian

CVE-2016-9846: qemu - QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is v...↗2016

▶

💬Community

Bugzilla

CVE-2016-9846 Qemu: display: virtio-gpu: memory leakage while updating cursor data [fedora-all]↗2016-12-07

▶

Bugzilla

CVE-2016-9846 Qemu: display: virtio-gpu: memory leakage while updating cursor data↗2016-12-07

▶

Bugzilla

CVE-2014-9846 ImageMagick: overflow in rle file↗2016-06-07

▶