CVE-2016-3712

MEDIUM

QEMU - DoS

Title source: llm

Description

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

References (11)

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 33.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-190
Status draft

Affected Products (32)

oracle/vm_server
oracle/vm_server
qemu/qemu < 2.5.1
qemu/qemu
qemu/qemu
qemu/qemu
qemu/qemu
qemu/qemu
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
... and 17 more

Timeline

Published May 11, 2016
Tracked Since Feb 18, 2026