Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-9912
HistoryDec 23, 2016 - 12:00 a.m.

CVE-2016-9912

2016-12-2300:00:00
ubuntu.com
ubuntu.com
18
qemu
virtio gpu
memory leakage
security vulnerability
debian bug

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

20.8%

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is
vulnerable to a memory leakage issue. It could occur while destroying gpu
resource object in ‘virtio_gpu_resource_destroy’. A guest user/process
could use this flaw to leak host memory bytes, resulting in DoS for a host.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchqemu< 1:2.5+dfsg-5ubuntu10.11UNKNOWN
ubuntu16.10noarchqemu< 1:2.6.1+dfsg-0ubuntu5.4UNKNOWN
ubuntu17.04noarchqemu< 1:2.8+dfsg-3ubuntu2.1UNKNOWN

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

20.8%