CVE-2016-9603

moderate-risk

Published 2018-07-27

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Do I need to act?

1.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

ADJACENT_NETWORK / HIGH complexity

Affected Products (20)

Qemu

Xenserver

Openstack

Debian Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Affected Vendors

Debian Redhat Citrix Qemu

References (36)

Third Party Advisory http://www.securityfocus.com/bid/96893

Third Party Advisory http://www.securitytracker.com/id/1038023

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0980

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0981

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0982

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0983

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0984

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0985

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0987

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:0988

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1205

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1206

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1441

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603

Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Third Party Advisory https://security.gentoo.org/glsa/201706-03

Third Party Advisory https://support.citrix.com/article/CTX221578

Third Party Advisory http://www.securityfocus.com/bid/96893

Third Party Advisory http://www.securitytracker.com/id/1038023

and 16 more references

/ 100

moderate-risk

Severity 14/34 · Moderate

Exploitability 4/34 · Minimal

Exposure 21/34 · High