CVE-2016-9912: Missing Release of Resource after Effective Lifetime in Qemu

Severity
6.5 MEDIUM (NVD)
OSV 9.8 | OSV 5.5
EPSS
0.1%
top 70.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 23
Latest update: May 13

Description

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0

Affected Packages (5 packages)

debian | debian/qemu | < qemu 1:2.8+dfsg-1 (bookworm)
Debian | qemu/qemu | < 1:2.8+dfsg-1+3
Ubuntu | qemu/qemu | < 2.0.0+dfsg-2ubuntu1.33+1
NVD | qemu/qemu | 2.8.1.1
Ubuntu | php5/php5 | < 5.5.9+dfsg-1ubuntu4.21

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-5x35-9r35-66x7: Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue | 2022-05-13
OSV | qemu vulnerabilities | 2017-04-20
OSV | php5 vulnerabilities | 2017-02-14
OSV | CVE-2016-9912: Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue | 2016-12-23

📋 Vendor Advisories (4)

Ubuntu | QEMU vulnerabilities | 2017-04-25
Ubuntu | QEMU vulnerabilities | 2017-04-20
Red Hat | Qemu: display: virtio-gpu: memory leakage when destroying gpu resource | 2016-11-28
Debian | CVE-2016-9912: qemu - Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulne... | 2016

💬 Community (3)

Bugzilla | CVE-2016-9912 Qemu: display: virtio-gpu: memory leakage when destroying gpu resource [fedora-all] | 2016-12-07
Bugzilla | CVE-2016-9912 Qemu: display: virtio-gpu: memory leakage when destroying gpu resource | 2016-12-07
Bugzilla | CVE-2014-9912 php: stack buffer overflow in locale_get_display_name | 2016-11-29