QEMU VGA hw/display/cirrus_vga.c cirrus_do_copy divide by zero
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.3 | $0-$5k | 0.04 |
A vulnerability classified as problematic was found in QEMU (virtualization software; affected version unknown). It affects the function cirrus_do_copy in the file hw/display/cirrus_vga.c of the VGA component. Manipulation with an unknown input leads to a divide-by-zero condition, classified as CWE-369: the product divides a value by zero. The impact is on availability. The CVE summary reads:
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
The bug was discovered 03/27/2017. The weakness was disclosed 03/27/2017 by Qinghao Tang with Qihoo 360 (oss-sec). The advisory can be read at openwall.com. The vulnerability has been identified as CVE-2016-9922 since 12/08/2016. Exploitation is known to be easy and requires local access. No form of authentication is needed for successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 900039, which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 169489 (SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2017:0127-1)).
Applying a patch eliminates this problem. The bugfix is available for download at git.qemu-project.org.
The vulnerability is also documented in the databases at Tenable (900039) and SecurityFocus (BID 94803). The entries VDB-94671, VDB-94672, VDB-94673 and VDB-94674 are similar.
CVSSv3
VulDB Meta Base Score: 4.4
VulDB Meta Temp Score: 4.3
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
NVD Base Score: 5.5
Exploiting
Class: Divide by zero
CWE: CWE-369 / CWE-404
Local: Yes
Remote: No
Status: Not defined
Nessus ID: 900039
OpenVAS ID: 865785
OpenVAS Name: Fedora Update for xen FEDORA-2016-1b868c23a9
Countermeasures
Recommended: Patch
Patch: 4299b90e9ba9ce5ca9024572804ba751aa1a7e70
Timeline
12/08/2016
12/08/2016
03/27/2017
03/27/2017
03/27/2017
03/28/2017
11/22/2022
Sources
Product: qemu.org
Advisory: RHSA-2017:2392
Researcher: Qinghao Tang
Organization: Qihoo 360
Status: Not defined
CVE: CVE-2016-9922
SecurityFocus: 94803 - QEMU Divide By Zero Multiple Denial of Service Vulnerabilities
OSVDB: - CVE-2016-9922 - QEMU - Denial of Service Issue
Entry
Created: 03/28/2017 10:18 PM
Updated: 11/22/2022 05:58 PM
Changes: 03/28/2017 10:18 PM (76), 11/22/2022 05:58 PM (5)