FKIE_CVE-2016-9921

Vulnerability from fkie_nvd - Published: 2016-12-23 22:59 - Updated: 2025-04-12 10:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
References
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/12/09/1Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/94803Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:2392Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201701-49Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/12/09/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94803Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201701-49Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 2.8.0
qemu qemu 2.8.0
qemu qemu 2.8.0
debian debian_linux 8.0
redhat openstack 6.0
redhat openstack 7.0
redhat openstack 8
redhat openstack 9
redhat openstack 10
redhat openstack 11
redhat virtualization 4.0
redhat enterprise_linux 7.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C",
              "versionEndIncluding": "2.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "58947AD5-A971-4E22-8D8A-634E2ED5DECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62294521-D8AD-43C1-9B53-D75243DC9A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "436470C3-919A-40F0-9813-A34CD8F7CF29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9AF77C-5D49-4842-9817-AD710A919073",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS."
    },
    {
      "lang": "es",
      "value": "Quick emulator (Qemu) construido con el soporte Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de divisi\u00f3n por cero. Podr\u00eda ocurrir mientras se copian datos VGA cuando el modo de gr\u00e1ficos cirrus estaba configurado para ser VGA. Un usuario privilegiado dentro del hu\u00e9sped podr\u00eda usar esta falla para bloquear la instancia del proceso Qemu en el host, resultando en DoS."
    }
  ],
  "id": "CVE-2016-9921",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-23T22:59:00.550",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94803"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201701-49"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201701-49"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.