A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
24
Affected Products
36
References
qemu / qemu
| - |
| citrix | xenserver | - | - |
| citrix | xenserver | - | - |
| citrix | xenserver | - | - |
| redhat | openstack | - | - |
| redhat | openstack | - | - |
| redhat | openstack | - | - |
| redhat | openstack | - | - |
| redhat | openstack | - | - |
| redhat | openstack | - | - |
| debian | debian_linux | - | - |
| redhat | enterprise_linux_desktop | - | - |
| redhat | enterprise_linux_desktop | - | - |
| redhat | enterprise_linux_server | - | - |
| redhat | enterprise_linux_server | - | - |
| redhat | enterprise_linux_server_aus | - | - |
| redhat | enterprise_linux_server_aus | - | - |
| redhat | enterprise_linux_server_eus | - | - |
| redhat | enterprise_linux_server_eus | - | - |
| redhat | enterprise_linux_server_eus | - | - |
| redhat | enterprise_linux_workstation | - | - |
| redhat | enterprise_linux_workstation | - | - |
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Exploitability
Impact