CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
redhatCNA
5.5 MEDIUM
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
qemuqemu
𝑥
< 2.9.0
citrixxenserver
6.0.2
citrixxenserver
6.2.0:sp1
citrixxenserver
6.5:sp1
citrixxenserver
7.0
citrixxenserver
7.1
redhatopenstack
5.0
redhatopenstack
6.0
redhatopenstack
7.0
debiandebian_linux
7.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
zesty
Fixed 1:2.8+dfsg-3ubuntu2.1
released
yakkety
Fixed 1:2.6.1+dfsg-0ubuntu5.4
released
xenial
Fixed 1:2.5+dfsg-5ubuntu10.11
released
trusty
Fixed 2.0.0+dfsg-2ubuntu1.33
released
precise
dne
qemu-kvm
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
not-affected
xen
zesty
not-affected
yakkety
not-affected
xenial
not-affected
trusty
Fixed 4.4.2-0ubuntu0.14.04.11
released
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96893
http://www.securitytracker.com/id/1038023
https://access.redhat.com/errata/RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0985
https://access.redhat.com/errata/RHSA-2017:0987
https://access.redhat.com/errata/RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1441
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201706-03
https://support.citrix.com/article/CTX221578
http://www.securityfocus.com/bid/96893
http://www.securitytracker.com/id/1038023
https://access.redhat.com/errata/RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0985
https://access.redhat.com/errata/RHSA-2017:0987
https://access.redhat.com/errata/RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1441
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201706-03
https://support.citrix.com/article/CTX221578