CVE-2016-9603

Summary

CVE	CVE-2016-9603
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-07-27 21:29:00 UTC
Updated	2023-11-07 02:37:00 UTC
Description	A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Citrix	Xenserver	6.0.2	All	All	All
Application	Citrix	Xenserver	6.2.0	sp1	All	All
Application	Citrix	Xenserver	6.5	sp1	All	All
Application	Citrix	Xenserver	7.0	All	All	All
Application	Citrix	Xenserver	7.1	All	All	All
Application	Citrix	Xenserver	6.0.2	All	All	All
Application	Citrix	Xenserver	6.2.0	sp1	All	All
Application	Citrix	Xenserver	6.5	sp1	All	All
Application	Citrix	Xenserver	7.0	All	All	All
Application	Citrix	Xenserver	7.1	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Application	Qemu	Qemu	All	All	All	All
Application	Qemu	Qemu	All	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.5	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.5	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All
Application	Redhat	Openstack	10	All	All	All
Application	Redhat	Openstack	10.0	All	All	All
Application	Redhat	Openstack	5.0	All	All	All
Application	Redhat	Openstack	6.0	All	All	All
Application	Redhat	Openstack	7.0	All	All	All
Application	Redhat	Openstack	8	All	All	All
Application	Redhat	Openstack	8.0	All	All	All
Application	Redhat	Openstack	9	All	All	All
Application	Redhat	Openstack	9.0	All	All	All
Application	Redhat	Openstack	10.0	All	All	All
Application	Redhat	Openstack	5.0	All	All	All
Application	Redhat	Openstack	6.0	All	All	All
Application	Redhat	Openstack	7.0	All	All	All
Application	Redhat	Openstack	8.0	All	All	All
Application	Redhat	Openstack	9.0	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Citrix XenServer Security Update for CVE-2016-9603	CONFIRM	support.citrix.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
1430056 – (CVE-2016-9603) CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
[SECURITY] [DLA 1497-1] qemu security update	MLIST	lists.debian.org
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Xen Qemu Cirrus VGA Heap Overflow Lets Local Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
QEMU CVE-2016-9603 Heap Buffer Overflow Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
[SECURITY] [DLA 1270-1] xen security update	MLIST	lists.debian.org	Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
QEMU: Multiple vulnerabilities (GLSA 201706-03) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378194 Virtuozzo Linux Security Update for qemu-guest-agent (VZLSA-2017:1206)
378234 Virtuozzo Linux Security Update for qemu-kvm (VZLSA-2017:0987)
500814 Alpine Linux Security Update for xen
504557 Alpine Linux Security Update for xen
510417 Alpine Linux Security Update for xen
710528 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 201706-03)