NVD Vulnerability Detail

CVE-2016-9922

Summary	The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
Publication Date	March 28, 2017, 12:59 a.m.
Registration Date	Jan. 26, 2021, 2:21 p.m.
Last Update	Nov. 21, 2024, 12:02 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=4299b90e9ba9ce5ca9024572804ba751aa1a7e70
2	http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=4299b90e9ba9ce5ca9024572804ba751aa1a7e70
3	http://www.openwall.com/lists/oss-security/2016/12/09/1	Mailing List Patch Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2016/12/09/1	Mailing List Patch Third Party Advisory
5	http://www.securityfocus.com/bid/94803	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/94803	Third Party Advisory VDB Entry
7	https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
8	https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
9	https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
10	https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
11	https://bugzilla.redhat.com/show_bug.cgi?id=1334398	Issue Tracking Patch
12	https://bugzilla.redhat.com/show_bug.cgi?id=1334398	Issue Tracking Patch
13	https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Third Party Advisory
14	https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Third Party Advisory
15	https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html	Patch Vendor Advisory
16	https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html	Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-369	ゼロ除算	https://cwe.mitre.org/data/definitions/369.html

JVN Vulnerability Information

QEMU の hw/display/cirrus_vga.c の cirrus_do_copy 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	QEMU の hw/display/cirrus_vga.c の cirrus_do_copy 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	QEMU (別名 Quick Emulator) の hw/display/cirrus_vga.c の cirrus_do_copy 関数には、Cirrus のグラフィックモードの設定が VGA の場合、サービス運用妨害 (ゼロ除算エラーおよび QEMU プロセスクラッシュ) 状態にされる脆弱性が存在します。
Possible impacts	ローカルのゲスト OS の特権ユーザにより、サービス運用妨害 (ゼロ除算エラーおよび QEMU プロセスクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 5, 2016, midnight
Registration Date	April 27, 2017, 6:38 p.m.
Last Update	April 27, 2017, 6:38 p.m.

Affected System

Fabrice Bellard

QEMU

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-9922	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9922
National Vulnerability Database (NVD)
2	CVE-2016-9922	https://nvd.nist.gov/vuln/detail/CVE-2016-9922

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-369	https://cwe.mitre.org/data/definitions/369.html

ベンダー情報

No	Name	URL
QEMU
1	display: cirrus: check vga bits per pixel(bpp) value	http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70
Qemu-devel
2	[PULL 4/4] display: cirrus: check vga bits per pixel(bpp) value	https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
Red Hat Bugzilla
3	Bug 1334398	https://bugzilla.redhat.com/show_bug.cgi?id=1334398

Change Log

No	Changed Details	Date of change
0	[2017年04月27日] 掲載	Feb. 17, 2018, 10:37 a.m.