Ubuntu: Security Advisory (USN-3261-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3261-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3261-1 advisory. Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU ...

CVE-2016-10029

The virtiogpusetscanout function in QEMU aka Quick Emulator built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service out-of-bounds read and process crash via a scanout id in a VIRTIOGPUCMDSETSCANOUT command larger than numscanouts...

CVE-2016-10029

CVE-2016-10029 affects QEMU’s Virtio GPU Device emulator (virtio_gpu). The vulnerability is an out-of-bounds read in the virtio_gpu_set_scanout handler when a VIRTIO_GPU_CMD_SET_SCANOUT command uses a scanout id larger than num_scanouts. This local-privilege level issue can cause a guest user to ...