Back to search
CVE-2016-9845
Published: Dec 29, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[qemu-devel] 20161101 [PATCH] virtio-gpu: fix information leak in getting capset info dispatch
mailing-list
x_refsource_MLIST
GLSA-201701-49
vendor-advisory
x_refsource_GENTOO
94763
vdb-entry
x_refsource_BID
[oss-security] 20161205 CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now