CVE-2016-9908

Published: 12/23/2016 Last updated: 8/6/2024 Reserved: 12/8/2016

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product	Vendor	Version
n/a	n/a	< cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461

References (6)

http://www.openwall.com/lists/oss-security/2016/12/08/4
https://security.gentoo.org/glsa/201701-49
http://www.securityfocus.com/bid/94761
http://www.openwall.com/lists/oss-security/2016/12/08/4
https://security.gentoo.org/glsa/201701-49
http://www.securityfocus.com/bid/94761