1
PublicDateAtUSN: 2016-12-29
2
Candidate: CVE-2016-9846
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9846
6
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
7
http://www.openwall.com/lists/oss-security/2016/12/05/23
8
https://usn.ubuntu.com/usn/usn-3261-1
10
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support
11
is vulnerable to a memory leakage issue. It could occur while updating the
12
cursor data in update_cursor_data_virgl. A guest user/process could use
13
this flaw to leak host memory bytes, resulting in DoS for a host.
17
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847382
19
Discovered-by: Li Qiang
23
upstream_qemu-kvm: needed
24
precise_qemu-kvm: not-affected (code not present)
26
vivid/ubuntu-core_qemu-kvm: DNE
27
vivid/stable-phone-overlay_qemu-kvm: DNE
34
upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=2d1cd6c7a91a4beb99a0c3a21be529222a708545
37
trusty_qemu: not-affected (code not present)
38
vivid/ubuntu-core_qemu: DNE
39
vivid/stable-phone-overlay_qemu: DNE
40
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.11)
41
yakkety_qemu: released (1:2.6.1+dfsg-0ubuntu5.4)
42
zesty_qemu: not-affected (1:2.8+dfsg-3ubuntu2)
43
devel_qemu: not-affected (1:2.8+dfsg-3ubuntu2)