CVE-2016-3712

Published: May 11, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

Affected (32)

Products: Oracle: Vm Server · Qemu: Qemu · Canonical: Ubuntu Linux · +3 more

Show all products

Oracle: Vm Server · Qemu: Qemu · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus, Enterprise Linux Workstation · Citrix: Xenserver

1 product

1 product

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Vm Server	Version 3.3
Oracle Vm Server	Version 3.4

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.5.1
Qemu Qemu	Version 2.6.0 rc0
Qemu Qemu	Version 2.6.0 rc1
Qemu Qemu	Version 2.6.0 rc2
Qemu Qemu	Version 2.6.0 rc3
Qemu Qemu	Version 2.6.0 rc4

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration E

18 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.3
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Up to 7.0

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (22)

http://rhn.redhat.com/errata/RHSA-2016-2585.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0621.html

Source: secalert@redhat.com

Third Party Advisory

http://support.citrix.com/article/CTX212736

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3573

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/05/09/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/90314

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035794

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2974-1

Source: secalert@redhat.com

Third Party Advisory

http://xenbits.xen.org/xsa/advisory-179.html

Source: secalert@redhat.com

Third Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2585.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0621.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://support.citrix.com/article/CTX212736

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2016/dsa-3573

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/05/09/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/90314

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035794

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2974-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://xenbits.xen.org/xsa/advisory-179.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.