QEMU vmsvga_fifo_read_raw Function Denial of Service Vulnerability (CVE-2016-4454)
Release date:
Updated on:
Affected Systems:
QEMU
Description:
CVE (CAN) ID: CVE-2016-4454
QEMU is an open source emulator.
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU has a security vulnerability. By changing the FIFO registers and issuing a VGA command, a local OS user can cause a denial of service (QEMU process crash) or obtain sensitive information.
<* Source: Andrej Nem
*>
Suggestion:
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://bugzilla.redhat.com/show_bug.cgi?id=1336429
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
http://www.openwall.com/lists/oss-security/2016/05/30/3