ELSA-2016-2585 -- Oracle qemu-kvmID: oval:org.secpod.oval:def:1501650 | Date: (C)2016-12-07 (M)2023-12-20 |
Class: PATCH | Family: unix |
Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU"s VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. * An infinite loop flaw was found in the way QEMU"s e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance. Red Hat would like to thank Zuozhi Fzz for reporting CVE-2016-3712.