Lucene search

K
osvGoogleOSV:DLA-764-1
HistoryDec 26, 2016 - 12:00 a.m.

qemu - security update

2016-12-2600:00:00
Google
osv.dev
27

EPSS

0.001

Percentile

26.7%

Multiple vulnerabilities have been found in QEMU:

  • CVE-2016-9911
    Quick Emulator (Qemu) built with the USB EHCI Emulation support
    is vulnerable to a memory leakage issue. It could occur while
    processing packet data in ehci_init_transfer. A guest user/
    process could use this issue to leak host memory, resulting in
    DoS for a host.
  • CVE-2016-9921 /
    CVE-2016-9922
    Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator
    support is vulnerable to a divide by zero issue. It could occur
    while copying VGA data when cirrus graphics mode was set to be
    VGA. A privileged user inside guest could use this flaw to crash
    the Qemu process instance on the host, resulting in DoS.

For Debian 7 Wheezy, these problems have been fixed in version
1.1.2+dfsg-6+deb7u19.

We recommend that you upgrade your qemu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS&gt;