oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy

From: <cve-assign () mitre org>
Date: Fri, 9 Dec 2016 00:13:41 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is
vulnerable to a divide by zero issue. It could occur while copying VGA data
when cirrus graphics mode was set to be VGA.

A privileged user inside guest could use this flaw to crash the Qemu process
instance on the host, resulting in DoS.

https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
https://bugzilla.redhat.com/show_bug.cgi?id=1334398
http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70


Use CVE-2016-9921 for the "'cirrus_get_bpp' returns zero(0), which
could lead to a divide by zero" issue.

Use CVE-2016-9922 for the "blit pitch values" issue.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYSjxDAAoJEHb/MwWLVhi2KvEP+wd+MdU2D7RZ4WVw/3M+G17C
1D/KdgtB4D8i+Dx5AkCwFBFY85bZxMPCGe4gGxno/3MyzhxIik6AZ0jPOw2yOeI6
jCp2S1gwowMs7jFexlG4nEQy3b+rBbjbGEvL0TSDyIKhvFdi8g+izv5u//49NvRi
U1zNoHOzscgSlswSt+M8kYnKUDsfznisqjrCXc0F5cqksB9fcCf7bXWGjh5iAe4b
vl0uO+5zQgCafAduS/+EQtDJheW9ussbAoLlJvVAfRQo9Ue7l3iZhyT1ty5gf4AO
UH4kFYCuYMrQecbfYbKszS2ZZ4pF5hPXF9iXH+758n5ICyhk4h4q5dxwRtrEe7vC
rT9lww4agFnrV9++TiUtB8UyldibNgxidEAsWxnkHS8mHPOB3ClPlHgr0FOekEkp
hounmHanE8K/e66J79DESxX2GaFmLi1AbkF4x8ZeYF3I3dyjfEsNFEbPePwYp/1d
OBjjebavjtJef22GzQsaqWw9OXnkaqRYCKmH8PatX4msjzLCeBJ4jOKXTSExzFxs
KJiWx/5lXOb86VlrjVbTA/kJNxIjNHl3b1hBGz6rTrfkHeRs+W9OHgMBRNL4GHxP
04DmwoQrRIG6fuvhTEjHU87vzf527BoqlAn/EgSzIQWKzkfIqUGiiWypvwVIftfQ
r3ilsSTK4Ga5P42dkDYZ
=Q5bc
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: