CVE-2016-9921

Advisory lineage Upstream: 0 Downstream: 21

Downstream

DEBIAN-CVE-2016-9921 DLA-1497-1 DLA-764-1 DLA-765-1 OPENSUSE-SU-2024:11287-1 OPENSUSE-SU-2024:11520-1

Modified

Published: 23 Dec 2016, 22:00

Last modified:06 Aug 2024, 03:07

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.1% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Dec 2016, 22:00

Published

Vulnerability first disclosed

06 Aug 2024, 03:07

Last Modified

Vulnerability information updated

Description

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.10%• Percentile: 28%

Techniques & Countermeasures

CWE-369•Divide By Zero
The product divides a value by zero.

Affected Systems

debian•debian_linux
8.0
qemu•qemu
≤ 2.7.1 | 2.8.0:rc0 | 2.8.0:rc1 | 2.8.0:rc2
redhat•openstack
6.0 | 7.0 | 8 | 9 | 10 | 11
redhat•virtualization
4.0