UBUNTU-CVE-2016-10028
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 27 Feb 2017, 00:00
Last modified:04 Feb 2026, 03:37
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Feb 2017, 00:00
Published
Vulnerability first disclosed
04 Feb 2026, 03:37
Last Modified
Vulnerability information updated
Description
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- ubuntu•qemu
< 1:2.5+dfsg-5ubuntu10.11
References (6)
- https://ubuntu.com/security/CVE-2016-10028
- https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
- http://www.openwall.com/lists/oss-security/2016/12/20/1
- https://ubuntu.com/security/notices/USN-3261-1
- https://ubuntu.com/security/notices/USN-3268-1
- https://www.cve.org/CVERecord?id=CVE-2016-10028