CVE-2016-9922

The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.

Weakness

The product divides a value by zero.

Affected Software

Name	Vendor	Start Version	End Version
Qemu	Qemu	*	2.7.1 (including)
Qemu	Qemu	2.8.0-rc0 (including)	2.8.0-rc0 (including)
Qemu	Qemu	2.8.0-rc1 (including)	2.8.0-rc1 (including)
Qemu	Qemu	2.8.0-rc2 (including)	2.8.0-rc2 (including)
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 10.0 (Newton)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 11.0 (Ocata)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 8.0 (Liberty)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 9.0 (Mitaka)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7	RedHat	qemu-kvm-rhev-10:2.9.0-14.el7	*
Qemu	Ubuntu	trusty	*
Qemu	Ubuntu	upstream	*
Qemu	Ubuntu	xenial	*
Qemu	Ubuntu	yakkety	*
Qemu-kvm	Ubuntu	precise	*
Qemu-kvm	Ubuntu	precise/esm	*
Qemu-kvm	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9922
CWE	https://cwe.mitre.org/data/definitions/369.html

Divide By Zero

Weakness

Affected Software

References