CVE number – CVE-2016-9603
A vulnerability in the Cirrus VGA Emulator of Xen Hypervisor could allow a local attacker to gain elevated privileges.
The vulnerability is due to improper bounds checks when the Cirrus VGA Emulator attempts to resize the display of the console. An attacker on a guest operating system could exploit this vulnerability to trigger a heap overflow condition in the device model process of the affected software. A successful exploit could allow the attacker to gain elevated privileges and potentially execute arbitrary code on the host operating system.
Xen.org has confirmed the vulnerability and released software patches.
The vulnerability is due to improper bounds checks by the affected software. When a console component, such as the VNC emulation component, attempts to update its display after a Cirrus VGA Emulator operation, a heap overflow condition could occur in the device model process if the new display is larger than the previous display.
To exploit this vulnerability, the attacker must have local access to the targeted guest operating system. This access requirement may reduce the likelihood of a successful exploit.
This vulnerability affects only hardware-assisted virtual machine (HVM) guest operating systems that have the Cirrus video card enabled.
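Because only HVM guests backed by the Cirrus emulator are in scope, a quick inventory of guest configurations tells an administrator which domains need the update first. The script below is an added example, not part of the advisory or of the Xen project; it assumes xl.cfg-style guest files (where `builder="hvm"` or `type="hvm"` marks an HVM guest and an omitted `vga=` means the default, `cirrus`) and uses constructed sample configs in its test rather than real hosts.

```shell
#!/bin/sh
# Added example (not from the advisory): list xl guest configs that describe
# HVM domains using the Cirrus VGA emulator, i.e. the guests XSA-211 affects.
# Assumptions: configs follow xl.cfg(5) syntax; builder= or type= set to "hvm"
# marks an HVM guest; vga= omitted means the default value "cirrus".

# Usage: list_cirrus_hvm /etc/xen/*.cfg
# Prints one matching config path per line.
list_cirrus_hvm() {
    for cfg in "$@"; do
        [ -f "$cfg" ] || continue
        # Drop comments so a commented-out vga= line is not mistaken for a setting.
        body=$(sed 's/#.*//' "$cfg")
        # Only HVM guests run the Cirrus device model; skip PV and PVH guests.
        if ! printf '%s\n' "$body" | \
            grep -Eq '^[[:space:]]*(builder|type)[[:space:]]*=[[:space:]]*["'\'']hvm["'\'']'; then
            continue
        fi
        # Take the last vga= assignment, accepting single or double quotes.
        vga=$(printf '%s\n' "$body" | \
            sed -n 's/^[[:space:]]*vga[[:space:]]*=[[:space:]]*["'\'']\([a-z]*\)["'\''].*/\1/p' | tail -n 1)
        # An omitted vga= means cirrus (the xl default), so treat it as affected.
        case "${vga:-cirrus}" in
            cirrus) printf '%s\n' "$cfg" ;;
        esac
    done
}

# When run directly, scan the standard config directory (or the paths given).
if [ "$#" -gt 0 ]; then
    list_cirrus_hvm "$@"
else
    list_cirrus_hvm /etc/xen/*.cfg
fi
```

Guests whose configuration sets `vga="stdvga"` or `vga="none"`, and PV guests, are not reported; a guest created with an explicit `vga` of another value is likewise left out.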
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to monitor affected systems.
Xen.org has released a security advisory at the following link: XSA-211
Red Hat has released an official CVE statement and security advisories for bug 1430056 at the following links: CVE-2016-9603, RHSA-2017:0980, RHSA-2017:0981, RHSA-2017:0982, RHSA-2017:0983, RHSA-2017:0984, RHSA-2017:0985, RHSA-2017:0988, RHSA-2017:1205, RHSA-2017:1206, RHSA-2017:1441
QEMU has released a security notice at the following link: QEMU notice
Xen.org has released software patches at the following links:
- qemut 4.5.patch
- qemuu 4.4.patch
- qemuu 4.6.patch
- qemuu 4.7.patch
- qemuu 4.8.patch
CentOS packages can be updated using the up2date or yum command.
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.
QEMU has released software patches at the following link: QEMU patches