Xen Cirrus VGA Emulator Heap Overflow Vulnerability [CVE-2016-9603]
CVE number – CVE-2016-9603
A vulnerability in the Cirrus VGA Emulator of Xen Hypervisor could allow a local attacker to gain elevated privileges.
The vulnerability is due to improper bounds checks when the Cirrus VGA Emulator attempts to resize the display of the console. An attacker on a guest operating system could exploit this vulnerability to trigger a heap overflow condition in the device model process of the affected software. A successful exploit could allow the attacker to gain elevated privileges and potentially execute arbitrary code on the host operating system.
Xen.org has confirmed the vulnerability and released software patches.
-
The vulnerability is due to improper bounds checks by the affected software. When a console component, such as the VNC emulation component, attempts to update its display after a Cirrus VGA Emulator operation, a heap overflow condition could occur in the device model process if the new display is larger than the previous display.
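The failure mode described above, as an added illustration that is not code from QEMU or Xen: a constructed model of a console display surface in which a frame of the new geometry is copied into a buffer allocated for the old one. `update_overflows` reports the condition the advisory describes (the new display is larger than the existing allocation), and `console_update` shows the hardening: validate the geometry and resize the surface before the copy. The `Surface` type, `MAX_DIM` and the function names are assumptions for the model.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIM 8192 /* assumed sanity limit on emulated geometry */

/* Constructed model of the console's display surface (32-bit pixels). */
typedef struct {
    int width, height;
    size_t capacity; /* bytes currently allocated for pixels */
    uint32_t *pixels;
} Surface;

static Surface *surface_new(int w, int h) {
    Surface *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->capacity = (size_t)w * (size_t)h * sizeof(uint32_t);
    s->pixels = calloc(1, s->capacity);
    if (!s->pixels) { free(s); return NULL; }
    s->width = w; s->height = h;
    return s;
}

static void surface_free(Surface *s) { if (s) { free(s->pixels); free(s); } }

/* The condition the advisory describes: a frame of the new geometry is
 * copied into a buffer sized for the old one. Returns 1 when that copy
 * would run past the allocation, which is the heap overflow. */
static int update_overflows(const Surface *con, int new_w, int new_h) {
    size_t needed = (size_t)new_w * (size_t)new_h * sizeof(uint32_t);
    return needed > con->capacity;
}

/* Hardened update: reject bad geometry and grow the surface before the
 * copy so the frame always fits. Returns 0 on success, -1 on failure. */
static int console_update(Surface *con, int new_w, int new_h,
                          const uint32_t *frame) {
    if (new_w <= 0 || new_h <= 0 || new_w > MAX_DIM || new_h > MAX_DIM)
        return -1;
    size_t needed = (size_t)new_w * (size_t)new_h * sizeof(uint32_t);
    if (needed > con->capacity) {
        uint32_t *p = realloc(con->pixels, needed);
        if (!p) return -1;
        con->pixels = p;
        con->capacity = needed;
    }
    con->width = new_w; con->height = new_h;
    memcpy(con->pixels, frame, needed);
    return 0;
}
```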
-
To exploit this vulnerability, the attacker must have local access to the targeted guest operating system. This access requirement may reduce the likelihood of a successful exploit.
This vulnerability affects only hardware-assisted virtual machine (HVM) guest operating systems that have the Cirrus video card enabled.
-
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to monitor affected systems.
-
Xen.org has released a security advisory at the following link: XSA-211
Red Hat has released an official CVE statement and security advisories for bug 1430056 at the following links: CVE-2016-9603, RHSA-2017:0980, RHSA-2017:0981, RHSA-2017:0982, RHSA-2017:0983, RHSA-2017:0984, RHSA-2017:0985, RHSA-2017:0988, RHSA-2017:1205, RHSA-2017:1206, RHSA-2017:1441
QEMU has released a security notice at the following link: QEMU notice
-
Xen.org has released software patches at the following links:
- qemut.patch
- qemut 4.5.patch
- qemuu.patch
- qemuu 4.4.patch
- qemuu 4.6.patch
- qemuu 4.7.patch
- qemuu 4.8.patch
CentOS packages can be updated using the up2date or yum command.
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.
QEMU has released software patches at the following link: QEMU patches
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.